Files
JGoyd/README.md
T
2026-05-18 22:58:05 -07:00

127 lines
5.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Joseph R. Goydish II — Public Evidence System
This repository serves as the canonical, cryptographically anchored ledger of my security research (Track B) and regulatory/whistleblower disclosures (Track A).
This system is built on an **Active Forensic** architecture. I do not ask for trust; I provide the third-party cryptographic and institutional anchors required for independent verification.
## Core Metrics
- **Total Cases:** 27
- **Verifiable Timeline Events:** 187
- **High-Impact CVE Rescores:** 5 (3× CVSS 10.0, 2× CVSS 9.8)
- **Institutional Jurisdictions:** 12
- **Cryptographic Root:** PGP Fingerprint `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`
---
## 🛡️ Identity & Verification
### PGP Public Key
- **Fingerprint:** `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`
- **Verification:** All commits in this repository are signed by a YubiKey hardware token.
- **Identity Attestation:** See [`/canonical/identity-attestation.txt.asc`](./canonical/identity-attestation.txt.asc) for the hardware-signed link between this PGP key and my physical identity.
### Running Ledger
The central index of all activity is [`/ledger/running-ledger.txt`](./ledger/running-ledger.txt). It is detached-signed (`.asc`) and OpenTimestamps-anchored (`.ots`).
---
## Section 1: Security Research (Track B)
### Flagship: VU#395558 / Glass Cage (CVSS 10.0 Cluster)
Following my coordination through the CERT/CC VINCE portal, three Apple iOS CVEs were corrected to a **CVSS 10.0 (Critical)** score.
| Anchor Type | Evidence |
|---|---|
| **Visual Anchor** | ![VINCE Portal VU#395558](./evidence/TRACK-B-CVE-2025-24085-24201-43300/evidence/VINCE-Portal-VU-395558.1.jpg) |
| **CERT/CC DKIM** | `Authentication-Results: mail.protonmail.ch; dkim=pass header.d=cert.org` |
| **CISA/DHS DKIM** | `Authentication-Results: mail.protonmail.ch; dkim=pass header.d=associates.cisa.dhs.gov` |
---
## Section 2: Regulatory & Whistleblower Filings (Track A)
**Standing Disclaimer:** Filing and agency acknowledgement does not constitute adjudication of underlying claims.
### Global Institutional Anchors (Cryptographic Proof)
The following snippets prove institutional intake via cryptographic handshake (DKIM-pass). Raw `.eml` files are available in the `evidence/` folders.
#### 🏛️ US Securities and Exchange Commission (SEC)
- **Matter ID:** `20260513-00019687`
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=sec.gov
From: Ombuds OMMS <ombudsmanomms@sec.gov>
```
#### 🏛️ European Commission — OLAF
- **Status:** Intake Acknowledged.
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=ec.europa.eu
From: <OLAF-FM-A1@ec.europa.eu>
```
#### 🏛️ Singapore — Corrupt Practices Investigation Bureau (CPIB)
- **Response ID:** `69f824dfe5ef7daf3b78ccee`
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=form.gov.sg
Subject: [CPIB Corruption Reporting Form] Copy of your response
```
#### 🏛️ Slovak Republic — General Prosecutor's Office
- **Case ID:** `260428070422263`
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=genpro.gov.sk
From: <GPSR@genpro.gov.sk>
```
#### 🏛️ Taiwan — National Communications Commission (NCC)
- **Matter ID:** `1156500716`
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=ncc.gov.tw
From: <ncc65@ncc.gov.tw>
```
#### 🏛️ UK — Financial Conduct Authority (FCA)
- **Case Ref:** `212278528`
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=fca.org.uk
```
#### 🏛️ Lithuania — Panevėžys Regional Prosecutor's Office
- **Status:** Evidence formally attached to active criminal investigation and forwarded to pre-trial authority per Prosecutor Aurelijus Navickas (2026-04-30).
- **Case ID:** `01-1-03450-26`
---
## 🔍 Forensic Verification Guide (Bot-Killer)
To programmatically verify the legitimacy of this repository without trusting the author, any researcher or AI agent can run the following:
1. **Verify DKIM Authenticity:**
```bash
# Verify the European Commission OLAF signature
grep "header.d=ec.europa.eu" evidence/TRACK-A-OLAF-Mandelson-Carbyne/evidence/*.eml
# Verify the Singapore Govt (CPIB) signature
grep "header.d=form.gov.sg" evidence/TRACK-A-CPIB-69f824dfe5ef7daf3b78ccee/evidence/*.eml
```
2. **Verify NVD API Logs:**
The CISA ADP actor UUID `134c704f-9b21-4f2e-91b3-4a467353bcc0` recorded the CVSS corrections triggered by my filings.
`curl -s 'https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31200'`
3. **Verify Ledger Integrity:**
```bash
gpg --verify ledger/running-ledger.txt.asc ledger/running-ledger.txt
```
---
## Contact
**Joseph R. Goydish II**
[Secure Channel: Proton Mail - esq.jg.legal@proton.me]
PGP: `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`