From cc32c2e8d2e49515b4d99fc0153e15e402365372 Mon Sep 17 00:00:00 2001 From: "Joseph R. Goydish II" Date: Thu, 21 May 2026 20:08:14 -0700 Subject: [PATCH] Refresh embedded running ledger copy --- .gitattributes | 3 + ledger/running-ledger.txt | 118 ++++++++++------------------------ ledger/running-ledger.txt.asc | 18 +++--- 3 files changed, 47 insertions(+), 92 deletions(-) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..cbd18d0 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ + +ledger/running-ledger.txt text eol=lf +ledger/running-ledger.txt.asc text eol=lf diff --git a/ledger/running-ledger.txt b/ledger/running-ledger.txt index 411b30f..8948d67 100644 --- a/ledger/running-ledger.txt +++ b/ledger/running-ledger.txt @@ -1,89 +1,41 @@ ------BEGIN RUNNING LEDGER v2----- -Identity: Joseph R. Goydish II +-----BEGIN RUNNING LEDGER----- +Identity: Joseph R. Goydish II PGP Fingerprint: 4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11 -Schema version: 2 -Last Updated: 2026-05-18 21:00 UTC -Scope: Public anchor trail for Track A (regulatory/whistleblower) and Track B (vulnerability research) +Last Updated (UTC): 2026-05-18 +Format: YYYY-MM-DD | CATEGORY | SUBJECT | STATUS | PUBLIC_REF | LOCAL_PROOF ---- SCHEMA --- -| Entry ID | Date (UTC) | Track | Type | Agency/Vendor | My Role | Case ID | External Anchor URL | Proof File | SHA-256 | Sig | OTS | Status | +2025-01-09 | CERTCC | CERT/CC VINCE VU#395558 invitation | Chronology anchor before Apple 2025-01-27 advisory | CERT/CC VINCE reference VU#395558 | DKIM / portal evidence offline +2025-01-21 | CERTCC | VRF#25-01-MPVDT submission through CERT/CC VINCE | Chronology anchor before Apple 2025-04-16 advisory | CERT/CC reference gen-41698 | submission evidence offline +2025-03-18 | CERTIFICATE | CNVD-2025-06744, Apple iOS / iPadOS buffer overflow | CNVD/CNCERT certificate record names Joseph Goydish as contributor | CNVD-YCGO-202503023656 | SHA-256 352A56FF1319E1B8138B1F4C6F55B652CF09CCD8C6784610E3A3EF6A9A80723C +2025-04-22 | CERTIFICATE | CNVD-2025-07885, Apple memory reuse | CNVD/CNCERT certificate record names Joseph Goydish as contributor | CNVD-YCGO-202504012519 | SHA-256 D5BB17D5A27EABD32D272173116C90F89F12CDD912A26969115007383A7F21C8 +2025-11-12 | RESCORE | CVE-2025-24085, CoreMedia use-after-free | Public CISA/NVD rescore trail, CVSS 10.0 | https://nvd.nist.gov/vuln/detail/CVE-2025-24085; cisagov/vulnrichment#194 | public record +2025-11-12 | RESCORE | CVE-2025-24201, WebKit out-of-bounds write | Public CISA/NVD rescore trail, CVSS 10.0 | https://nvd.nist.gov/vuln/detail/CVE-2025-24201; cisagov/vulnrichment#194 | public record +2025-11-24 | RESCORE | CVE-2025-31200, CoreAudio memory corruption via audio decode | Public CISA/NVD rescore trail, CVSS 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2025-31200; cisagov/vulnrichment#200 | public record +2025-11-24 | RESCORE | CVE-2025-31201, Pointer Authentication bypass | Public CISA/NVD rescore trail, CVSS 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2025-31201; cisagov/vulnrichment#200 | public record +2025-11-26 | RESCORE | CVE-2025-43300, ImageIO out-of-bounds write | Public CISA/NVD rescore trail, CVSS 10.0 | https://nvd.nist.gov/vuln/detail/CVE-2025-43300; cisagov/vulnrichment#201 | public record +2025-04-22 | DISCLOSURE | NASA TLS certificate-chain misconfiguration disclosure for webhosting-external.jpl.nasa.gov | Submitted / packet hashed | offline reference | SHA-256 C3EDEDB6E86187484BC0F86E0A046AF65DC316983F6EAA23E679DC888E4A25BC +2025-12-25 | SUBMISSION | Department of Energy / NNSA DOE-417 electric emergency incident and disturbance report | Submitted / packet hashed | offline reference | SHA-256 D203750DDB657BD350B69343F36BF0C9364378004D508E5572347760C38743C2 +2026-03-24 | SUBMISSION | Taiwan NCC, Taiwan Mobile infrastructure relay-mesh submission | Decision reference assigned | NCC decision reference 11500091980 | SHA-256 4530081B986C0C084863FFA3102823DDCC81CDE0D9C1DC0E1B28BE2BA70F2AD7 +2026-04-08 | SUBMISSION | Microsoft MSRC Case 112639, MIME type-confusion / Defender / Exchange Online attachment inspection bypass | Case assigned / packet hashed | MSRC Case 112639 | SHA-256 274B18C9D3851F41DF33EB32691F4E8E0B46C5B68D7AC2A13D2CDCDD6C7C7722 +2026-04-28 | RECEIPT | Slovakia genpro.gov.sk verified electronic submission receipt | Receipt / tracking ID | Tracking ID 260428070422263 | SHA-256 84C410150FA89CF48433C19399449CADF7C75F32AACD377ECD14554991C36489 +2026-04-30 | RECEIPT | Lithuania Panevezys OTNK skyrius information attached to criminal case file | Attachment / case reference | Case 01-1-03450-26 | SHA-256 603409F4B01BFED46D22D7129EC22A1969F1A32921654B3559FEBBD4E62BC17D +2026-05-04 | SUBMISSION | EC OLAF Mandelson / Carbyne disclosure | Reference assigned / packet hashed | Ref 00Db00K8yP.!500Sk019RuGn | SHA-256 42F922168AFC25FD0AB6813F3782F16C8F1DA82365615B3FE8272964016371F7 +2026-05-04 | SUBMISSION | Singapore CPIB Corruption Reporting Form submission | Tracking ID / packet hashed | Tracking ID 69f824dfe5ef7daf3b78ccee | SHA-256 B0F4D9EED94BDC6D5C351296CC1949CA7D7106E0E8CFFA5B97DB54727608B137 +2026-05-05 | DISCLOSURE | DOJ FARA Public, Karim Wade / Macky Sall / Epstein-funded lobby disclosure | Public submission / packet hashed | DOJ / FARA public reference | SHA-256 83EF754869D953DC808130334E07719EC1210FE28EED8E6479482A0CEBBDD925 +2026-05-05 | SUBMISSION | Massachusetts AGO, MIT Media Lab / institutional governance complaint | Submitted / packet hashed | offline reference | SHA-256 A797257A9FBD19EFEC4BDA2FB023597EAFABEA143A4D9E9EBE8996F1B302CF62 +2026-05-06 | SUBMISSION | IRS Form 211 under IRC 7623(b), Southern Trust / Financial Trust / Epstein Estate | Submitted / packet hashed | offline reference | SHA-256 653F9D1F3497C51C955A82EF1E1B2C36782468A9EB813104FADD8D72D0C6764F +2026-05-06 | SUBMISSION | SEC TCR submission | Submission number assigned | Submission 17780-976-067-126 | offline evidence +2026-05-11 | RECEIPT | FCA, Bank of China (UK) Limited advisory and acknowledgement | Acknowledged / case reference | Case Ref 212278528 | SHA-256 5B77C1CE4B348B065D736D2E8B15F6015CBB2E434514511E18F35DC306127C4E +2026-05-13 | SUBMISSION | Japan ISA, ICRRA Article 70-1 visa-fraud referral | Submitted / packet hashed | offline reference | SHA-256 1D4CA44C8DF651E89119E621ECE12BA48E41FB928BFD82D12474F8DF4916ECBC +2026-05-18 | DISCLOSURE | Cloudflare abuse report | Public repository | https://github.com/JGoyd/datalytic-shadow-collectors | public repo -Status values: - VERIFIED — neutral third party confirms; evidence published - PARTIAL — timing/reference chain supports claim; full evidence not yet public - PENDING — confirmation email/PDF exists; not yet published - UNVERIFIED — self-asserted only; no external anchor - DISPUTED — contradicted by public record - -Role values (Track B): - Original-discoverer — vendor acknowledgement names me - Enrichment-contributor — CISA ADP rescore citing my submission - Chain-analyst — chain reconstruction of existing CVEs - Forensic-observer — observation, not vendor-confirmed -Role values (Track A): - Filer — submitted material, agency acknowledged - ---- ENTRIES --- - -# ===== TRACK B ===== - -B-01 | 2025-11-12 | B | CVE/CVSS | Apple (via CISA ADP) | Enrichment-contributor | CVE-2025-24085 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-24085 | evidence/TRACK-B-CVE-2025-24085-24201/ | PENDING | PENDING | PENDING | PARTIAL - -B-02 | 2025-11-12 | B | CVE/CVSS | Apple (via CISA ADP) | Enrichment-contributor | CVE-2025-24201 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-24201 | evidence/TRACK-B-CVE-2025-24085-24201/ | PENDING | PENDING | PENDING | PARTIAL - -B-03 | 2025-11-24 | B | CVE/CVSS | Apple (via CISA ADP) | Enrichment-contributor + Chain-analyst | CVE-2025-31200 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31200 | evidence/TRACK-B-CVE-2025-31200-31201/ | PENDING | PENDING | PENDING | VERIFIED - -B-04 | 2025-11-24 | B | CVE/CVSS | Apple (via CISA ADP) | Enrichment-contributor | CVE-2025-31201 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31201 | evidence/TRACK-B-CVE-2025-31200-31201/ | PENDING | PENDING | PENDING | VERIFIED - -B-05 | 2025-11-26 | B | CVE/CVSS | Apple (via CISA ADP) | Chain-analyst | CVE-2025-43300 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-43300 | evidence/TRACK-B-CVE-2025-24085-24201/ | PENDING | PENDING | PENDING | PARTIAL - -B-06 | 2025-03-18 | B | CNVD | CNCERT/CC | Original-discoverer (claimed) | CNVD-2025-06744 / CNVD-YCGO-202503023656 | (CNVD certificate offline) | evidence/TRACK-B-CNVD-2025-06744/ | PENDING | PENDING | PENDING | UNVERIFIED - -B-07 | 2025-04-22 | B | CNVD | CNCERT/CC | Original-discoverer (claimed) | CNVD-2025-07885 / CNVD-YCGO-202504012519 | (CNVD certificate offline) | evidence/TRACK-B-CNVD-2025-07885/ | PENDING | PENDING | PENDING | UNVERIFIED - -B-08 | 2026-04-08 | B | MSRC | Microsoft Security Response Center | Reporter | MSRC-112639 | (MSRC portal — confidential) | evidence/TRACK-B-MSRC-112639/ | PENDING | PENDING | PENDING | PENDING - -B-09 | 2025-04-22 | B | TLS-misconfig | NASA / JPL | Discloser | (intake ref pending) | (NASA/JPL acknowledgement) | evidence/TRACK-B-NASA-JPL-TLS/ | PENDING | PENDING | PENDING | UNVERIFIED - -B-10 | 2025-12-25 | B | DOE-417 | DOE/NNSA EOC | Filer | 5941450-1585693 | (DOE EOC reply — agency-controlled) | evidence/TRACK-B-DOE-417/ | PENDING | PENDING | PENDING | PENDING - -B-11 | 2026 | B | Abuse-report | Cloudflare | Filer | (Cloudflare ticket ref pending) | (Cloudflare abuse acknowledgement) | evidence/TRACK-B-Cloudflare-abuse/ | PENDING | PENDING | PENDING | UNVERIFIED - -B-12 | 2026 | B | FBI-IC3 | FBI Internet Crime Complaint Center | Filer | 067b3177c3524c80bce02cca08064d11 | (IC3 confirmation — not externally queryable) | evidence/TRACK-B-IC3-067b3177c3524c80bce02cca08064d11/ | PENDING | PENDING | PENDING | UNVERIFIED - -# ===== TRACK A ===== - -A-01 | 2026-05-06 | A | SEC-TCR | U.S. Securities and Exchange Commission | Filer | 17780-976-067-126 | (SEC TCR Office acknowledgement — DKIM sec.gov) | evidence/TRACK-A-SEC-TCR-17780-976-067-126/ | PENDING | PENDING | PENDING | PENDING - -A-02 | 2026-05-06 | A | IRS-Form-211 | U.S. Internal Revenue Service Whistleblower Office | Filer | (claim # pending paper letter) | (IRS Whistleblower Office acknowledgement) | evidence/TRACK-A-IRS-FORM-211/ | PENDING | PENDING | PENDING | UNVERIFIED - -A-03 | 2026-05-05 | A | DOJ-FARA | U.S. DOJ FARA Unit | Filer | (FARA Unit intake ref) | (FARA Unit acknowledgement — DKIM usdoj.gov) | evidence/TRACK-A-DOJ-FARA-Public/ | PENDING | PENDING | PENDING | UNVERIFIED - -A-04 | 2026-05-04 | A | OLAF | European Anti-Fraud Office (OLAF) | Filer | 00Db00K8yP.!500Sk019RuGn | https://www.bbc.com/news/articles/cj98zm22327o (publicly confirmed parallel OLAF investigation into Mandelson) | evidence/TRACK-A-OLAF-Ref-00Db00K8yP/ | PENDING | PENDING | PENDING | PARTIAL - -A-05 | 2026-05-04 | A | CPIB | Singapore Corrupt Practices Investigation Bureau | Filer | 69f824dfe5ef7daf3b78ccee | (CPIB acknowledgement — DKIM cpib.gov.sg) | evidence/TRACK-A-CPIB-69f824dfe5ef7daf3b78ccee/ | PENDING | PENDING | PENDING | UNVERIFIED - -A-06 | 2026-05-11 | A | FCA | UK Financial Conduct Authority | Filer | 212278528 | (FCA acknowledgement — DKIM fca.org.uk) | evidence/TRACK-A-FCA-212278528/ | PENDING | PENDING | PENDING | UNVERIFIED - -A-07 | 2026-05-13 | A | Japan-ISA | Japan Immigration Services Agency | Filer | (ISA intake ref) | (ISA acknowledgement) | evidence/TRACK-A-Japan-ISA-ICRRA70-1/ | PENDING | PENDING | PENDING | UNVERIFIED - -A-08 | 2026-04-28 | A | Prosecutor-General | Slovak Republic — Generálna prokuratúra | Filer | 260428070422263 | (genpro.gov.sk e-signed receipt — eIDAS PAdES) | evidence/TRACK-A-SK-260428070422263/ | PENDING | PENDING | PENDING | PENDING - -A-09 | 2026-04-30 | A | Prosecutor-Regional | Lithuania — Panevėžio OTNK skyrius | Filer | 01-1-03450-26 (case file); IBPS-S-248320-26 (doc reg.) | (IBPS e-signed receipt — eIDAS PAdES) | evidence/TRACK-A-LT-CASE-01-1-03450-26/ | PENDING | PENDING | PENDING | PENDING - -A-10 | 2026-03-24 | A | NCC | Taiwan National Communications Commission | Filer | 通傳基礎決字第11500091980號 | (NCC decision letter) | evidence/TRACK-A-TW-NCC-11500091980/ | PENDING | PENDING | PENDING | PENDING - -A-11 | 2026-05-05 | A | State-AG | Massachusetts Attorney General's Office | Filer | (AGO intake ref) | (AGO acknowledgement) | evidence/TRACK-A-MA-AGO-MIT-MediaLab/ | PENDING | PENDING | PENDING | UNVERIFIED - ---- NOTES --- -- Append-only after first signed publication. Edits in pre-publication drafts only. -- Every entry must terminate in a third-party-controlled anchor URL OR carry status UNVERIFIED. -- This ledger MUST be detached-signed (gpg --armor --detach-sign) and OpenTimestamps-anchored on each update. -- Prior signed versions are retained as historical artifacts. +NOTES +Agency acknowledgement means receipt or intake. It does not mean adjudication. +DKIM/e-signed artifacts establish message or receipt provenance, not the truth of every submitted allegation. +SHA-256 values identify offline packet bytes; they do not make packet contents public. +Detached signatures must be regenerated whenever this file changes. VERIFICATION -This ledger is cryptographically bound to the fingerprint above. The detached -PGP signature (running-ledger.txt.asc) and OpenTimestamps proof -(running-ledger.txt.ots) are published alongside this file. +gpg --verify running-ledger.txt.asc running-ledger.txt ------END RUNNING LEDGER v2----- +-----END RUNNING LEDGER----- diff --git a/ledger/running-ledger.txt.asc b/ledger/running-ledger.txt.asc index 7e14156..7f2c1cb 100644 --- a/ledger/running-ledger.txt.asc +++ b/ledger/running-ledger.txt.asc @@ -1,12 +1,12 @@ -----BEGIN PGP SIGNATURE----- -iQFPBAABCAA5FiEESgQfUG2JT17jkXQ4ZIeLVqLrLREFAmoL4KkbFIAAAAAABAAO -bWFudTIsMi41KzEuMTIsMiwxAAoJEGSHi1ai6y0Rzh0IAKe0IecTmKXfH23HM+mS -2UjzAGaLzTN5nvpSjPtjI4tI1sysMz0+HH6WntQFA6UL6fqUGUcMB48/ugrDbDhJ -bkPlLAvjLLPDRL3pg+4OFI6Tf5JKsoF47I1b1lN5iMbITPzqBRKVeuhdJ3Fbg7xN -vqeaNaRqkck5RPQrILo5yLfo1Spvv1r6xYFDj+1SaNLv9AtmLMXgQVnTQafkXwVU -sH8cdtJC8cQ3JZkDM/9IuQTU9LMw/i3iWpZZSc3RaYEMbMb1KZmHP/qne8vnZ54J -vPNp1WR3l53ZRM41mP5QrxD43IF/3kPo3IAYx1wkqiaw57hOpZMD2EstNMo7VAYh -Ugg= -=4AL1 +iQFPBAABCAA5FiEESgQfUG2JT17jkXQ4ZIeLVqLrLREFAmoPZYsbFIAAAAAABAAO +bWFudTIsMi41KzEuMTIsMiwxAAoJEGSHi1ai6y0RsKUIAOsRwrzm4MdidVkJ97A9 +9HSeg1pP1BzoLgu9PCa1b3pDz28+qMS3FPIAdHf4Aqb3qQxoShhjxCWINj7ZuicW +6z2eqGN2WRFvECoBTOX2uRZn0i/qqLGQ4cDyO82GtlGqeZh+WAGZBFTjGKbQ9RMm +2jT6bBvUxCb6nF9JJjYo1AzbJ1aTvTQy29X9qewP0GKd30oZ7P4oSG1mywIK/iF2 +imqBljikLEoNCfhzbq4UqH4IEd9Jxp4i6QTxBXpmDQRa4qvtgviIYbLNk/tQ4nHt +/TjdMc1wZyLiqrDThtdNlyY5Tx9q4ce/9XyELcz2yH9NRFbOuCgUQTiH3MzQqyBp +ZKI= +=+RYD -----END PGP SIGNATURE-----