Interview transcript: 

Terry Gerton There’s been a lot of controversy around polygraphs in government over the past few months. So let’s start with some of the basics. Why do agencies like CISA and DoD continue to rely on polygraphs for certain positions?

Dan Meyer So that’s a great starting point. The first thing we have to recognize is that polygraph technology is so questionable that it’s generally not admissible in courts. So as evidence, it’s pretty thin, and that’s been a generational trend. It used to be accepted far more back in the 1930s and 40s than it is now. So we use polygraphs in the United States for counterintelligence. That’s what it’s for, reliability of the workforce. We want to be able to test and employ statements, various questions against some empirical basis of truth. The challenge with the polygraph is that it measures not truth, but physiology. It measures the way the body reacts. And science, over the years, has started to show that women and men, for instance, don’t react the same. They don’t have the same physiology. That’s why we have to do different types of medical research now, because women were traditionally ignored, because we always thought that men were the baseline, and everybody would be the same as men. Well, that turned out not to be true. The same situation exists with polygraphs, and there can be differences across the board which polygraphers can never accept, and they can’t accept because that starts to undermine their position within the professional community. So that’s the challenge, is that it measures physiology and not actual truth or veracity of the individual. At some point we’ll be out of this problem because we’ll have a tool that’s better than the polygraph and I do think that artificial intelligence will create it, but we in the United States use the polygraph to catch spies, other countries don’t. And that’s our only tool we really have. We’re not good at actually doing assessment of human potential from other types of analysis. So we’re stuck with it. It’s the only tool that we’ve got and it’s the one we use. And if you’re in the intelligence community or if you are in law enforcement, the chances are you’re going to be under a polygraph at some point in your career, if not your entire career.

Terry Gerton There was a recent controversy around the acting CISA director’s failure of a polygraph test. Can you fill us in a little bit on what went on there?

Dan Meyer I’m not privvy to the exact details of his particular case, but the alarming part of that is it was CISA. CISA is the heart of our cyber defense, and for much of the Biden administration, it was under very, very close scrutiny from a variety of congressional oversight authorities. Senator Grassley, at one point, was doing an inquiry. So there was concerns that CISA was being used politically. So on top of that concerns, the Trump administration came in with a commitment to reform it. And then you have this problem. And the problem seems to have developed around two questions. One is, did the individual fail a polygraph? You really don’t fail a polygraph, either there’s a detection or a non-detection. It’s really not like a test you can fail. But clearly did not pass, to use the vernacular, according to the reports. And then there’s the open question about whether that individual should have been under a polygraph, and there’s this allegation out there in the press that somehow he was set up. And so those are the two concerns there. The second one is kind of unique in that polygraphs are given based on the position and what’s called the criticality of the position. So it’s really about the classification of one’s job that determines whether you get a polygraph. So there really should be no question as to whether a person should have a polygraph or not have a polygraph, so if there was an open question, that should have been elevated to the appropriate authority to decide that. My understanding is that’s the DNI, is the DNI is in charge of reliability issues, security clearance issues across the board for the president in her capacity as the DNI, but not as the spymaster in the United States. It’s a collateral duty. That should have been resolved and it should not be at the point now where employees are being accused and somebody who’s now being seen as a victim of a wrongful polygraph process, that’s ugly. We should have never gotten to that point. That should have been raised and clarified before the polygraph went forward. The second use goes back to my original comment about physiology. People can fail polygraphs for a variety of reasons. There’s the famous guilt-grabber complex, which is that an individual is very at attention in their thoughts, very self-reflective, very self-aware. People who are that way about events in their lives may start to have feelings of guilt. Feelings of guilt can trigger physiology. And sometimes your feeling of guilt that you didn’t feed the cat on time this morning can bleed over into a question that when you were asked whether you committed an act of terrorism against the United States. Well, let’s put it this way. If you’re a sociopath, the chances are you’re going to pass a polygraph because the way you’re constructed in your behavioral mental health diagnosis is ideally suited to not triggering the physiology cues that exist for the polygraph. But if you’re a deeply religious person or spiritual person, it’s in the community, this is known as the Jewish and Catholic issue. People who are Jewish and Catholic all had a Jewish or a Catholic mother. You were taught to always think you were doing something wrong. I’m laughing because I was raised by a Catholic mother, and so I was always looking at my behavior and always questioning my behavior. That can be a disaster on a polygraph.

Terry Gerton I’m speaking with Dan Meyer, he’s an equity partner at Tully Rinckey. With all of the challenges with the polygraph that you’ve just articulated for us, if an employee or a contractor is facing one for their position, what are the best practices to prepare and protect themselves?

Dan Meyer Okay, so on the big picture, let’s talk about from the administration perspective. We ought not to have separate rules for separate people about polygraphs, we’ve got to stick with the structure. If the position requires it, it has to be performed. There should not be special exceptions. I know you always want to have special exceptions, but that’s a bad idea. For the individual, the first thing you do is do not watch videos and do not study the polygraph because you are going to be asked questions that ask you if you did that, and then you’re going to be in the awkward situation of trying to explain whether you adopted countermeasures to make it look like you’re telling the truth when you’re not telling the truth. Do not try to game the polygraph because if the polygraph has trouble figuring out truth or falsity, it does not have trouble figuring it out whether you’re gaming it, and that’s a huge reason why people fail polygraphs. It’s good to retain a law firm to get advice on your security profile to help you understand where your liabilities are and how to accurately report them. The whole key to the security paradigm is you’ve got to be comfortable with the way you resolve the issues in your life so that when you talk to security officials and you talk about those issues, you’re open and candid and there’s a complete and transparent flow of information between those people about that situation. Then you won’t fail the polygraph, then you’re going to do fine on your security review. The challenge we have in American culture at this point in time is everybody thinks you have to withhold information to game the process. Game the process in our commercial lives as consumers, game the process in our private lives as family members. This is an evil that has drifted into American culture, and it really is harmful on the polygraph. So you’ve got to think through about whether you’re open and honest about your life, and you’ve got to incorporate that principle into your job application.

The post Why agencies still use polygraphs and what a recent failure means for trust and reform first appeared on Federal News Network.

Ripple CEO Brad Garlinghouse is slated to appear on a World Economic Forum (WEF) panel on tokenization during Davos 2026, while Hedera says it will sponsor and participate in a slate of senior-level events running alongside the annual gathering. The WEF Annual Meeting 2026 is scheduled for Jan. 19–23 in Davos-Klosters.

Ripple Joins WEF Davos Tokenization Panel

Garlinghouse is once again listed among the public speakers for a WEF session titled “Is Tokenization the Future?” set for Jan. 21 (10:15–11:00 CET). The panel also lists Coinbase CEO Brian Armstrong, Standard Chartered CEO Bill Winters, ECB Governor François Villeroy de Galhau, Eurazeo CEO Valérie Urbain, and moderator Karen Tso.

The session framing is explicitly market-structure oriented, positioning tokenization as something moving beyond pilots and into mainstream financial rails. In the WEF description, organizers write: “Asset tokenization is accelerating quickly, moving from early experiments to full deployment across major asset classes. As adoption expands, it promises new ways for individuals to invest while presenting traditional firms and emerging innovators with complex new dynamics.”

A separate thread of Ripple’s Davos presence may run through “USA House,” a privately organized venue that typically operates in parallel with the official WEF perimeter. Venue materials list Ripple among sponsors of USA House for Davos 2026.

Hedera Brings EcoGuard Global To Davos

Hedera, for its part, is leaning into Davos week as a convening calendar rather than a single stage appearance. In a statement via X, Hedera announced: “Hedera is proud to be an official sponsor of the USA House during the WEF Annual Meeting in Davos, and will contribute to senior-level discussions on digital assets, AI, central banking, and G20 coordination.”

Hedera is also sponsoring Global Blockchain Business Council’s “Blockchain Central Davos,” which runs Jan. 19–22 alongside the WEF meeting, according to Hedera and GBBC materials.

Separately, a Hedera-built carbon-market initiative called EcoGuard Global is scheduled to officially launch in Davos on Jan. 20 at Turmhotel Victoria (3:00–6:00 PM), per EcoGuard’s announcement.

The EcoGuard description pitches an end-to-end infrastructure play around integrity and lifecycle accounting:

“EcoGuard Global is a full carbon lifecycle company building and operating digital infrastructure and managed marketplaces—while actively participating in carbon markets as a developer, investor, and market enabler for high-integrity climate projects… Built on the Hedera network by The Hashgraph Group, EcoGuard Global combines trusted digital infrastructure with market operations, capital, and partnerships to support credible, investable, and scalable carbon markets.”

At press time, HBAR traded at $0.12134.

Interview transcript:

Terry Gerton You’ve done an interesting report recently. You revealed that senior officials at the FBI were granted waivers for polygraph exams. Let’s start at the beginning. Really, is this normal? And if it’s not, what is normal?

William Turton It’s not normal. You know, the people we spoke to who’ve worked at the highest levels of the FBI have told us that to grant waivers for people like the deputy director, Dan Bongino, the congressional liaison, Marshall Yates and the executive assistant to the director Kash Patel — a woman named Nicole Rucker — granting them polygraph waivers is unprecedented. We spoke to one person who said that they can only recall one waiver being granted, to an outside expert, and that was the only one they knew of in about a seven-year period.

Terry Gerton Are senior leaders at the FBI normally required to pass a polygraph exam?

William Turton All FBI employees are required to pass a polygraph exam. And that’s been the case since 1994. So just to become an FBI employee, you must pass a polygraph. And then as you gain more clearances or access to more sensitive information, some employees have to pass multiple polygraphs.

Terry Gerton And what does a waiver, then, of the polygraph signify?

William Turton We would love to know more about why they were granted waivers. When you take a polygraph at the bureau, based on the people that we spoke to, you get asked all sorts of questions ranging from illegal drug use to foreign contacts. Anything in the spectrum there can potentially cause issues with your employment. We didn’t report any details as to why these people were granted waivers, but we’d love to know more.

Terry Gerton So who has the authority then to grant the waiver?

William Turton We reported that Kath Patel, the director of the FBI, granted the waivers to all three of the employees that I mentioned earlier.

Terry Gerton Is there any requirement to give a justification for that, or was there any transparency around why those waivers were provided?

William Turton The Bureau didn’t disclose that the waivers were granted. The only reason we know that is because we spoke to sources with knowledge and we ended up reporting it. But there was no sort of disclosure or justification from the Bureau as to why the waivers were granted. When we went to the Bureau for comment, one of the things that they told us was that, well, these employees are Schedule C political appointees, so therefore they don’t have to take a polygraph. We spoke to four experts who specialize in security clearances and polygraphs who told us that’s not true. Being a Schedule C or political appointee doesn’t preclude you from having to take a polygraph. And for the record, I went and checked the Plum Book; only one of the three employees that I previously mentioned, Nicole Rucker, is listed as a political appointee.

Terry Gerton One of the reasons that you might expect an FBI official to take a polygraph is to make sure there isn’t any compromising information in their background. But one of the other reasons is to secure that top secret clearance. What kind of information might these folks be exposed to and what is the impact of not having a clear polygraph test and clearance?

William Turton As we reported in this story, the deputy director of the FBI receives some of the most closely guarded secrets that the American government has to offer. People have told us that the deputy director would routinely receive the president’s daily brief, which is a summary from all across the intelligence community of some of the most pressing threats to the country. They also get access to SCI, or special compartmented information, where people are read in and read out of various programs, where a very small amount of people have knowledge of that program. There’s also secure spaces within FBI headquarters. For example, on the seventh floor where the director of the FBI works, the entire director’s suite is what’s known as a SCIF, or secure compartmented information facility, meaning it’s designed to protect against electronic eavesdropping, you can’t bring personal devices inside and you need clearance that is granted, in part, by passing your polygraph to access those spaces.

Terry Gerton I’m speaking with William Turton. He’s an investigative reporter with ProPublica. So what does all of this mean in terms of national security and public trust, if these folks don’t have the proper clearances or haven’t been properly vetted and have access to these important secret information?

William Turton I think one of the most immediate impacts that this has could be on the morale of other FBI employees. It’s important to note that Mr. Patel, the director of the FBI, has used the polygraph on his own workforce in order to see if negative comments have been made about him personally or if there have been leaks to the media. And so I think it presents a sort of immediate double standard that hasn’t really been explained by the Bureau, where top officials close to Patel don’t have to take a polygraph; at the same time Patel will use the polygraph to try and ferret out leaks or negative comments about his leadership.

Terry Gerton What’s happening in terms of oversight here? Has the Department of Justice said anything or the congressional oversight committees?

William Turton  Sen. Durbin, who is the ranking member of the Senate Judiciary Committee, which is the main congressional oversight body of the FBI, raised this issue before Kash Patel when he testified before Congress. This actually happened before our story published, but Durbin mentioned senior members of Patel’s staff, and didn’t at that time explicitly name the deputy director. So this is on Congress’s radar, and when Kash Patel was asked about this, he didn’t engage in the question directly and deflected.

Terry Gerton So this feels a little bit like a tree falling in the forest. If no one is there to hear it, does it make a sound? Is this really a big deal? And if it is, what is going to happen in terms of broader implications, policy changes or even maybe a shakeup?

William Turton The former senior FBI officials and other government officials we spoke to thought it was a big deal. They thought it was a reflection of the fact that the FBI is being run by people who wouldn’t be able to, in their view, pass the minimum requirements to become an agent, much less the deputy director. So I think there’s a question of security, absolutely, people are concerned about. There’s a question about keeping information confidential and secure. And then there’s open questions about the motivations of the people running the Bureau. Officials that we spoke to wondered whether this was an example of prioritizing personal loyalty to the Trump administration and the director, rather than the kind of policies and procedures that are typically in place for FBI employees.

Terry Gerton Have you heard anything from Sen. Durbin or his staff or the committees about moving forward with additional hearings or additional oversight or possibly even future reforms of this process?

William Turton We haven’t, really. I think the story got lost in the news a little bit. There’s been a lot of news about the Bureau of late. I’m keeping my ears open; I think there’s a lot more to this story. And I have a feeling that it’s just scratching the surface.

Terry Gerton If it is eventually to generate some kind of reform, what do you think would be most likely? Would it be tightening clearance rules or codifying the polygraph requirements, as an example?

William Turton I’m not sure what avenues for reform there are, because as I understand it, the director and the president basically have unilateral authority to grant waivers for polygraphs or to grant, in some cases, clearances. So I think I don’t think anyone is eager to change that level of authority that rests with the president or the director of the FBI.

Terry Gerton Do you see any parallels between how the FBI has approached the polygraph and maybe what’s happening in the Department of Defense?

William Turton I think the most obvious parallel to me in writing the story —  I’m a little bit biased because I did some reporting on this earlier this year —  but what was happening at DHS, where employees were regularly being polygraphed for questions about media leaks or if employees had criticized leadership. It was kind of the exact same thing that we’ve been hearing at the FBI happening to rank-and-file staff.

The post At the FBI, a national security safeguard was quietly dropped for top leadership first appeared on Federal News Network.

When planting outdoors, it’s highly probable that there will be problems that may leave plants in a less than perfect state. Even the best cocktail of nutrient and trace chemicals can still allow a nutrient deficiency. Grasshoppers may rear their ugly green heads or the nutrient will attract unsavory company, leading to an infestation that must be dealt with.

There are many variables to growing outdoors, but the most common of nutrient deficiencies will be encountered during the green foliage growth period. Lack of nitrogen is the most common deficiency. A large green leafy plant requires a very high level of nitrogen to achieve its full glory. The first sign is a gradual creep of yellow among the lowest and therefore leaves of the plant. If this happens, be sure to add a full ration of nitrogen to the next watering session. The yellow creep can be cured in only a few days if it hasn’t progressed to a point at which the tips of the leaves are curling and black or brown. At that point, it’s a permanent situation that can’t be remedied. It will be necessary to increase the amount of nitrogen so it doesn’t damage any newer leaves that would be higher on the plant. Some other symptoms of a nitrogen deficiency include red stems, smaller new leaves and slow growth.

A phosphorus deficiency rears its head by slow and stunted growth. The newer leaves of the plant will be smaller and a darker green than usual. As with nitrogen deficiency, a red color appears on the stems. The leaves may also develop a nasty red or purple color in the veins on the underside of the leaf. If phosphorous isn’t added, the older leaves will start to die. The affected leaves won’t be healed, but the progression of the damage will be stopped. The leaves will lighten in color to the beautiful green and the growth rate will pick up.

A potassium deficiency is often a tricky one to diagnose. Most of the time a potassium deficient plant will be tall and healthy looking, though they may be slightly phototropic in appearance. The indicators are the phototropic appearance and browning of the ends of the oldest leaves. A phototropic plant is one who expends all of its energy to reach a feeble light source, thus the tall spindly look they have. Recovery from a potassium deficiency is usually slow and is measured in weeks. The leaves that have been browned already usually die off. The leaves will have brown spots on them, particularly along the prominent center vein. As with most deficiencies of a serious nature, the stems and underside veins have a reddish or purple hue to them. The most common source of potassium is wood ash; so if last year the crop had a potassium deficiency, add a cup of wood ash this year to the nutrient or growing medium.

There are also deficiencies to be had with the elements iron, manganese, boron, molybdenum, zinc and copper. Because most outdoor growing mediums tend to be natural in source, nature has already included the other trace elements required for most of their life. However, adding trace elements two or three times in the life of the plant is always a good idea. If the plants don’t require them, they simply won’t take them up.

For those of growers in the country and planting in the backyard, the easiest way to keep pests and animals away from the plants is to plant geraniums around them. The common geranium secretes a substance that acts as an all-around pest repellent. This is its natural way to combat predators and has been working great for a lot longer than humans have been growing grass, so take note. Both animals and pests will shy away from your crop.

Whatever growing medium that will be used will eventually attract a pest, then many pests. This infestation of the growing medium can be tricky to get rid of. If the little critters are in the topmost inch or so of the growing medium, that medium will have to be replaced. Be gentle with the root system and deluge the area with a good garden-safe insecticide after removal of the top inch. It’s important to replace the growing medium with a chemically-inert medium. Test and alter the pH of the medium as required to hit a neutral value of seven. The growing medium will eventually adjust itself to the pH levels the plant is accustomed to over a space of about a week.

Growing outdoors is an easy and productive means to reduce or even replace the costs incurred by our green friend over the winter. With the right knowledge this year’s crop should thrive.

What are some of your outdoor growing tips? Share with our community on Facebook.

The post Re-Coup Winter Costs: Grow Outdoor appeared first on Cannabis Now.

The Future of Cyber Resilience The algorithms are hunting us. Not with malicious code, but with something far more insidious. During a recent Black Hat Conference roundtable hosted by Chuck...

The post Innovator Spotlight: 360 Privacy appeared first on Cyber Defense Magazine.

                                                
    ════════════════════════════════════╦═══    
     ╔═╦═╗ ╔═╗ ╔═╗ ╔═╗ ╔═╦═╗ ╔═╗ ╔══╔═╗ ╠═╗     
    ═╩ ╩ ╩═╚═╝═╩ ╩═╚═╝═╩ ╩ ╩═╚═╝═╩  ╠═╝═╩ ╩═    
    ════════════════════════════════╩═══════    
                                  By Retr0id    
                                                
    ═══ MD5-Monomorphic Shellcode Packer ═   ══    
                                                
                                                
USAGE: python3 monomorph.py input_file output_file [payload_file]

What does it do?

It packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401

Currently, only Linux x86-64 is supported. It would be trivial to port this technique to other platforms, although each version would end up with a different MD5. It would also be possible to use a multi-platform polyglot file like APE.

Example usage:

$ python3 monomorph.py bin/monomorph.linux.x86-64.benign bin/monomorph.linux.x86-64.meterpreter sample_payloads/bin/linux.x64.meterpreter.bind_tcp.bin

Why?

People have previously used single collisions to toggle a binary between "good" and "evil" modes. Monomorph takes this concept to the next level.

Some people still insist on using MD5 to reference file samples, for various reasons that don't make sense to me. If any of these people end up investigating code packed using Monomorph, they're going to get very confused.

How does it work?

For every bit we want to encode, a colliding MD5 block has been pre-calculated using FastColl. As summarised here, each collision gives us a pair of blocks that we can swap out without changing the overall MD5 hash. The loader checks which block was chosen at runtime, to decode the bit.

To encode 4KB of data, we need to generate 4*1024*8 collisions (which takes a few hours), taking up 4MB of space in the final file.

To speed this up, I made some small tweaks to FastColl to make it even faster in practice, enabling it to be run in parallel. I'm sure there are smarter ways to parallelise it, but my naive approach is to start N instances simultaneously and wait for the first one to complete, then kill all the others.

Since I've already done the pre-computation, reconfiguring the payload can be done near-instantly. Swapping the state of the pre-computed blocks is done using a technique implemented by Ange Albertini.

Is it detectable?

Yes. It's not very stealthy at all, nor does it try to be. You can detect the collision blocks using detectcoll.

                                                
    ════════════════════════════════════╦═══    
     ╔═╦═╗ ╔═╗ ╔═╗ ╔═╗ ╔═╦═╗ ╔═╗ ╔══╔═╗ ╠═╗     
    ═╩ ╩ ╩═╚═╝═╩ ╩═╚═╝═╩ ╩ ╩═╚═╝═╩  ╠═╝═╩ ╩═    
    ════════════════════════════════╩═══════    
                                  By Retr0id    
                                                
    ═══ MD5-Monomorphic Shellcode Packer ═   ══    
                                                
                                                
USAGE: python3 monomorph.py input_file output_file [payload_file]

What does it do?

It packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401

Currently, only Linux x86-64 is supported. It would be trivial to port this technique to other platforms, although each version would end up with a different MD5. It would also be possible to use a multi-platform polyglot file like APE.

Example usage:

$ python3 monomorph.py bin/monomorph.linux.x86-64.benign bin/monomorph.linux.x86-64.meterpreter sample_payloads/bin/linux.x64.meterpreter.bind_tcp.bin

Why?

People have previously used single collisions to toggle a binary between "good" and "evil" modes. Monomorph takes this concept to the next level.

Some people still insist on using MD5 to reference file samples, for various reasons that don't make sense to me. If any of these people end up investigating code packed using Monomorph, they're going to get very confused.

How does it work?

For every bit we want to encode, a colliding MD5 block has been pre-calculated using FastColl. As summarised here, each collision gives us a pair of blocks that we can swap out without changing the overall MD5 hash. The loader checks which block was chosen at runtime, to decode the bit.

To encode 4KB of data, we need to generate 4*1024*8 collisions (which takes a few hours), taking up 4MB of space in the final file.

To speed this up, I made some small tweaks to FastColl to make it even faster in practice, enabling it to be run in parallel. I'm sure there are smarter ways to parallelise it, but my naive approach is to start N instances simultaneously and wait for the first one to complete, then kill all the others.

Since I've already done the pre-computation, reconfiguring the payload can be done near-instantly. Swapping the state of the pre-computed blocks is done using a technique implemented by Ange Albertini.

Is it detectable?

Yes. It's not very stealthy at all, nor does it try to be. You can detect the collision blocks using detectcoll.