Paul's Security Weekly (Audio)
To curmudgeon or not to curmudgeon, that is the question. - PSW #911
Jan 29, 2026
Mandy Logan, a security practitioner who advises on regulatory and practical security, helps 'de-curmudgeon' the panel. The conversation jumps from ADS-B spoofing and how trackers render fake aircraft to federal cybersecurity policy, FedRAMP and software attestation rollbacks. They also cover Fortinet SSO compromises, patched Microsoft Office OLE issues, and hacking defunct e-scooters.
AI Snips
Challenger Anniversary Memory
- The hosts recalled watching the Challenger disaster live in school and how teachers reacted differently.
- These shared memories framed a broader discussion about public events and technology's role in them.
ADS-B Spoofing Is A Real Operational Risk
- ADS-B aircraft position data is trivially spoofable from the ground with low-cost radios and can mislead tracking services.
- Aggregators that accept raw feeds can amplify spoofed tracks widely, creating operational risk for responders and controllers.
Attestation Rollback Pushes SBOM Focus
- The OMB retreat on software attestation shifts emphasis toward inventories like SBOM/HBOM rather than mandatory vendor attestations.
- That change may speed adoption but leaves open how continuous assurance or formal certification will replace attestation.

