The European Union is, once again, attempting to dictate global policy way outside its jurisdiction. I run uBlock Origin and Ghostery (you should too!), which already deal with the things GDPR was largely concerned with. The GDPR made the average web browsing experience worse, not better. The Digital Services Act (DSA) expands upon GDPR in a way that supposedly targets very large companies but, digging into it, it actually appears to affect businesses of all sizes. Let's say you run a small business and you have a website. That website has a domain (DNS) issued by a registrar (e.g. GoDaddy, Namecheap, etc.), is hosted on a third-party service (e.g. a VPS provider like AWS, DigitalOcean, OVH, etc. or a shared hosting provider like 1&1, GoDaddy, etc.), and speeds up global content delivery of static assets via a CDN (e.g. Cloudflare). If you are a website developer/admin, all of this sounds perfectly normal and completely innocuous to you. Now let's
Here is a lovely but slightly redacted image: There's a lot going on here, so let me explain. First off, the Command Prompt is no ordinary Command Prompt. See the title bar of the window? 'cmd.exe' is running as NT AUTHORITY\SYSTEM, the most powerful user account in Windows, on my desktop as a child process of a non-elevated process with the assistance of a temporary NT System Service, a procedure that had never been done before May of 2021. I recommend reading this post (and watching the really cool video I made about it) if you haven't already done so. In short, we're already in completely uncharted territory on Windows. Since the parent process is running as NT AUTHORITY\SYSTEM, it is one step away from being able to create security tokens for other users without the user's credentials (i.e. without the user's password, biometrics, etc.). The above command creates an elevated token for a user in the Administrators group from scratch, routes st