Currently developing Probely technology and business, mostly focusing on improving the vulnerability detection capabilities.
Before that, I have worked for almost 12 years at Portugal Telecom, most of them in the web security team of SAPO which I co-founded with another teammate. In those days I tested site security, trained developers to code securely, provided all-around security consultancy and earned CPEs. Before SAPO, I spent a few years reverse-engineering traffic from proprietary applications and taking care of a countrywide network of honeypots.
I’m also a Security Researcher at Cobalt and a trainer at Citeforma, delivering courses about Linux and Network Security.
I hold a Master in Information Technology/Information Security by the Carnegie Mellon University and CISSP certification.
I’m a frequent speaker at security events, such as Codebits, Just4Meeting, ISEL Tech, Confraria da Segurança da Informação and recently at the BSides Lisbon conference. Slides and more info are available at http://www.linkedin.com/in/tiagomendo.
For the last few years, my team organizes a Capture The Flag security contest inside Pixels Camp (previously Codebits) where participants have to break in a number of web applications to get the flags, competing against other teams.
Cryptojacking is the digital version of it — it’s when the hacker steals your computer’s resources and uses them to harvest cryptocurrency. Mining is only a viable business if the cost of the computing power and electricity required to operate and cool down your systems is significantly lower than the monetary gain you get from mining.
Facebook announced it suffered an attack that affected almost 50 million users. The hack required the chaining of multiple vulnerabilities, being one of them in the “View As” feature, that help users control their privacy by previewing how other users see their profile.
