ADMIN Q

[backseatjuan]

Please someone explain to me this.

My hard drive crashed, I replaced hard drive, losing all the data, installed new windows on new hard drive. Then what I logged into sosuave in this new windows installation, in a brand new browser, I had my user name and password already filled up for me in sign in form. How is that possible?

 

[Atom Smasher]

I'm not sure myself. Although SS does take note of your public IP, I don't think it can go ahead and fill in your login form without a cookie. Perhaps someone else will chime in.

 

[logicallefty]

Are you using Google Chrome, and do you also have a Google account that you have signed in with on the new system with the fresh hard drive? Google has something called "Smart Lock for Passwords" which I believe can save your passwords to some websites to Google's cloud when you have both of these variables. I think the idea is for "convenience" between Android devices and computers.

 

[Atom Smasher]

Ahhh... that would have to be it.

 

[backseatjuan]

I have Firefox, I do have google account for e-mail.

 

[TheVirtualMind]

I have Firefox, I do have google account for e-mail.

If you have FireFox, it backs up your information and when you re-install it, your stuff is saved.

 

[backseatjuan]

If you have FireFox, it backs up your information and when you re-install it, your stuff is saved.

NO! It is only if you have a mozilla account, I do not have a mozilla account.

I installed Windows, then firefox, then logged into google via www.google.com so I can access youtube, then checked sosuave, and user and pass was already filled in for me. Strange! On no other site did I notice this. I wonder if anyone else can access my account. If they do I have no secrets lol, could only post some crap, and message some sh1t.

 

[Trunks]

NO! It is only if you have a mozilla account, I do not have a mozilla account.

I installed Windows, then firefox, then logged into google via www.google.com so I can access youtube, then checked sosuave, and user and pass was already filled in for me. Strange! On no other site did I notice this. I wonder if anyone else can access my account. If they do I have no secrets lol, could only post some crap, and message some sh1t.

Not an admin, but that sounds like it is the Google cloud.

 

[logicallefty]

Looks like you can check on Google by going to "passwords.google.com". And looked at stored passwords in their cloud. From the way I read it, though, it only works with Chrome. That or they just want you to think that it does. We all know how browser wars are, they don't want you using anything but Chrome so why acknowledge the competition?

Otherwise, if you are still curious where its coming from (I would be), here is something you can try:

- Download the free version of "X-Ways Winhex".
- Unzip it.
- Right click on "winhex.exe", Run As Administrator (or do setup.exe and fully install it if you want).
- When it opens go to Tools\Open Disk.
- Grab your C-drive/system drive.
- Then hit Ctrl-F. The search box will open.
- Put your SS userid "backseatjuan" in the search box, or your password to SS.
- Click checkbox next to "list contents up to 10000". OR increase if you want. But 10000 should work.
- Winhex will scour the disk forensically and look for your search term, backseatjuan, on every sector and in every file that it can parse. It will not parse encrypted files but it will look everywhere else even in deleted files, slack space, etc. It may get a little taxing if your have a slower computer.. As it goes, it will tell you the number of hits it has found. It will run for 10-15 minutes.
- When its done, at the top you will see a list of every instance it found on the hard drive of "backseatjuan", as well as the path to the file.

Now you just have to look at each file it found and see if you can gain anymore clues.