Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
History is littered with hundreds of conflicts over the future of a community, group, location or business that were "resolved" when one of the parties stepped ahead and destroyed what was there. With the original point of contention destroyed, the debates would fall to the wayside. Archive Team believes that by duplicated condemned data, the conversation and debate can continue, as well as the richness and insight gained by keeping the materials. Our projects have ranged in size from a single volunteer downloading the data to a small-but-critical site, to over 100 volunteers stepping forward to acquire terabytes of user-created data to save for future generations.
The main site for Archive Team is at archiveteam.org and contains up to the date information on various projects, manifestos, plans and walkthroughs.
This collection contains the output of many Archive Team projects, both ongoing and completed. Thanks to the generous providing of disk space by the Internet Archive, multi-terabyte datasets can be made available, as well as in use by the Wayback Machine, providing a path back to lost websites and work.
Our collection has grown to the point of having sub-collections for the type of data we acquire. If you are seeking to browse the contents of these collections, the Wayback Machine is the best first stop. Otherwise, you are free to dig into the stacks to see what you may find.
The Archive Team Panic Downloads are full pulldowns of currently extant websites, meant to serve as emergency backups for needed sites that are in danger of closing, or which will be missed dearly if suddenly lost due to hard drive crashes or server failures.
The Wayback Machine - https://web.archive.org/web/20250118223244/https://github.blog/news-insights/company-news/github-security-update-a-bug-related-to-handling-of-authenticated-sessions/
GitHub security update: A bug related to handling of authenticated sessions
Why did I get logged out of GitHub.com? On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out…
On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution to protect users from an extremely rare, but potentially serious, security vulnerability affecting a very small number of GitHub.com sessions.
On March 2, GitHub received an external report of anomalous behavior for their authenticated GitHub.com user session. Upon receiving the report, GitHub Security and Engineering immediately began investigating to understand the root cause, impact, and prevalence of this issue on GitHub.com. We took initial corrective action to patch the vulnerability on March 5 and continued our analysis throughout the weekend.
The patch to resolve the bug and session invalidation resolves the issue and you may log back in at any time.
What happened and what actions have we taken?
In extremely rare circumstances, a race condition in a backend request handling process could have misrouted a user’s session to the browser of another authenticated user, giving them the valid and authenticated session cookie for another user. It is important to note that this issue was not the result of compromised account passwords, SSH keys, or personal access tokens (PATs) and there is no evidence to suggest that this was the result of a compromise of any other GitHub systems. Instead, this issue was due to the rare and isolated improper handling of authenticated sessions. Further, this issue could not be intentionally triggered or directed by a malicious user.
The underlying bug existed on GitHub.com for a cumulative period of less than two weeks at various times between February 8, 2021 and March 5, 2021. Once the root cause was identified and a fix developed, we immediately patched GitHub.com on March 5. A second patch was deployed on March 8 to implement additional measures to further harden our application from this type of bug. There is no indication that other GitHub.com properties or products were affected by this issue, including GitHub Enterprise Server. We believe that this session misrouting occurred in fewer than 0.001% of authenticated sessions on GitHub.com.
Out of an abundance of caution, and with a strong bias toward account security, we’ve invalidated all sessions on GitHub.com created prior to 12:03 UTC on March 8 to avoid even the remote possibility that undetected compromised sessions could still exist after the vulnerability was patched. For the very small population of accounts that we know to be affected by this issue, we’ve reached out with additional information and guidance.
What you can do
We recommend you log back in now. In general, we encourage following our long-standing published security best practices for users and organizations.
If you experience an account lockout due to being unable to complete the MFA challenge when logging back in, please refer to our account recovery process.
The security and trustworthiness of the platform is paramount to all of us at GitHub and we’re working hard every day to protect the home for so many developers. We believe transparency is critical to promoting that trust, which is why we’re sharing this publicly now, and we’ll share our root cause analysis on this issue in the coming weeks.
March 18, 2021 update: We have published our in depth analysis of this bug. Read more about how we found and fixed this vulnerability here.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
Mike Hanley is the Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco’s cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Department of Defense and the Intelligence Community.
When he’s not talking about security at GitHub, Mike can be found enjoying Ann Arbor, MI with his wife and eight kids.
The December 17 release of OpenAI’s o1 model is now available in GitHub Copilot and GitHub Models, bringing advanced coding capabilities to your workflows.
We do newsletters, too
Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
