| Aug | SEP | Oct |
| 23 | ||
| 2021 | 2022 | 2023 |
COLLECTED BY
Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
History is littered with hundreds of conflicts over the future of a community, group, location or business that were "resolved" when one of the parties stepped ahead and destroyed what was there. With the original point of contention destroyed, the debates would fall to the wayside. Archive Team believes that by duplicated condemned data, the conversation and debate can continue, as well as the richness and insight gained by keeping the materials. Our projects have ranged in size from a single volunteer downloading the data to a small-but-critical site, to over 100 volunteers stepping forward to acquire terabytes of user-created data to save for future generations.
The main site for Archive Team is at archiveteam.org and contains up to the date information on various projects, manifestos, plans and walkthroughs.
This collection contains the output of many Archive Team projects, both ongoing and completed. Thanks to the generous providing of disk space by the Internet Archive, multi-terabyte datasets can be made available, as well as in use by the Wayback Machine, providing a path back to lost websites and work.
Our collection has grown to the point of having sub-collections for the type of data we acquire. If you are seeking to browse the contents of these collections, the Wayback Machine is the best first stop. Otherwise, you are free to dig into the stacks to see what you may find.
The Archive Team Panic Downloads are full pulldowns of currently extant websites, meant to serve as emergency backups for needed sites that are in danger of closing, or which will be missed dearly if suddenly lost due to hard drive crashes or server failures.
Collection: Archive Team: URLs
Author:
Lisa Vaas
minute read
Share this article:
GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords.
GitHub, the ubiquitous host for software development and version control (and unfortunate target of a steady pitter-patter of attacks targeting the same), is now supporting security keys when using Git over SSH.
In a post on Monday, GitHub security engineer Kevin Jones said that this is the next step when it comes to increasing security and usability. These portable FIDO2 fobs are used for SSH authentication to secure Git operations and to forestall the misery that unfurls when private keys accidentally get lost or pilfered, or when malware tries to initiate requests without user approval. Just one example: In 2019, the TrickBot info-stealing malware got a makeover that enabled its password grabber to target data from OpenSSH applications.
These security keys, which include YubiKey, Thetis Fido U2F Security Key and Google Titan Security Keys, are easy to pop into your pocket and cart around between machines, with most connecting via USB, NFC or Bluetooth. They provide an alternative to the one-time passwords provided by applications or sent via SMS. As it is, SMS SSH codes sent via text can be and have been intercepted.
Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” a LIVE roundtable event on Wednesday, May 12 at 2:00 PM EDT for this FREE webinar sponsored by Zoho ManageEngine.
In contrast, as Jones pointed out, much of the data on a security key is protected from external access and modification, meaning that the key keeps its secrets tucked away and out of reach. While the devices store a private key on your computer, those on-computer keys are simply a reference to the physical security key: in other words, they’re useless to anybody who doesn’t have the actual device in hand.
Given that the keys are one of the factors in multi-factor authentication (MFA), users should safeguard the devices just like they would any other credential. If you’re the only one who can get at your security key, you can, in fact, leave it plugged in. “When using SSH with a security key, none of the sensitive information ever leaves the physical security key device,” Jones added. “If you’re the only person with physical access to your security key, it’s safe to leave plugged in at all times.”
Neither malware nor accidental private-key exposure can give away your credentials when you use a security key, he said: “As long as you retain access to the security key, you can be confident that it can’t be used by anyone else for any other purpose.”
Threatpost
The First Stop For Security News
●Home
●About Us
●Contact Us
●RSS Feeds
●Copyright © 2022 Threatpost
●Privacy Policy
●Terms and Conditions
