Author Archives: Christopher Budd

About Christopher Budd

Writer, Security and Privacy Consultant, Crisis Communications Expert, Making Awful News Just Bad™ Since 2001.

New Geekwire Article: How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks

My latest article is up on Geekwire: How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks.

In this article I apply my “Five Stages of Hacked” to the ongoing SolarWInds event to help people better understand how serious the impact of the SolarWinds hacks against various organizations are.

The Five Stages of “Hacked”

[Note: This scale is now posted on its own page here.]

While doing some work around the SolarWinds hacks, I realized that there’s just no simple triage scale that we in the industry can use to simply and succinctly characterize the severity of hacks.

This is my proposal for a simple scale to enable simple but meaningful comparisons of the severity of hacks.

Since the most important thing in hacks is the spread and severity, the cancer staging system gives a good model for measuring these kinds of things so this is adapted from that.

  • Stage 0: The attackers have found or made an entry point to systems or the network but haven’t used it or took no action.
  • Stage I: Attackers have control of a system but haven’t moved beyond the system to the broader network.
  • Stage II: Attackers have moved to the broader network and are in “read-only” mode meaning they can read and steal data but not alter it.
  • Stage III: Attackers have moved to the broader network and have “write” access to the network meaning they can alter data as well as read and steal it.
  • Stage IV: Attackers have administrative control of the broader network meaning they can create accounts and new means of entry to the network as well as alter, read and steal data.

(Also posted on Medium)

New Geekwire Article: How the SolarWinds hackers are targeting cloud services in unprecedented cyberattack

In my latest Geekwire article “How the SolarWinds hackers are targeting cloud services in unprecedented cyberattack, I continue looking at the SolarWinds event, this time digging into the SAML token angle that’s not been covered very well. Others have either ignored it entirely or touched on it in a light, technically unclear/inaccurate way all leading to confusion and a lack of appreciation for how serious this angle is.

Geekwire Article: Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach

In my latest posting on Geekwire, “Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach” I draw on my past experiences being on the teams running the biggest incidents at Microsoft. In this I give what I think is the fullest picture ever on what Microsoft has done in a major incident, in this case the ongoing SolarWinds incident.

Microsoft doesn’t do this for all incidents, but this isn’t the only incident they’ve pulled out the stops like this. Unfortunately no one outside of the teams has ever really understood how much they can and do do at times.

In that way, this article is dedicated to the literally hundreds if not thousands of people who have worked these incidents at Microsoft over the years, many of whom I had the true honor and pleasure of working with.

Update 12/28/2020: As a follow up I’m happy to say I’ve heard from several people that this has been making the rounds internally at Microsoft and has made people who otherwise haven’t gotten credit for work feel they got some credit. That makes me very happy.

Also, I’m told that about two weeks after posting, this has racked up around 800,000 page views, making it one of the best performing article ever for Geekwire.

The #BerliozWalkingTour Begins

“Andante” is that it’s a musical term meaning a tempo that is basically a walking pace. I adopted that as the name for my music writing years ago because I liked the idea of approaching music at a walking pace.

Over the years I combined that approach with my love of travel and adventure writing to crystalize my approach to writing about music. The idea is that I write about music as one writes about the things they see on a walking tour when exploring and finding things the reader may not know about.

I’m taking this a step further now by initiating focused “walking tours” that focus on specific subject areas.

I’ve decided to make Hector Berlioz the subject of my first “walking tour”.

The reason for this is because he’s not as well-known as many other composers and I think that’s a shame. His work is fantastic and also important in music history: in some ways you wouldn’t have Wagner without Berlioz.

So I think Berlioz is a good subject for my first “walking tour”.

The way this will work is I’ll be posting things here, on Tumblr and on Twitter all using the #berliozwalkingtour hash tag. I’ve also created a YouTube playlist for the tour.

If anyone wants to join in, they can use the hashtags as well: the more the merrier.

The best place to find everything I post will be on Twitter, as all blog and Tumblr posts will be announced there, as well as the Twitter posts.

In closing, let me leave you with Berlioz’s Messe solennelle. Berlioz wrote this piece in 1824. It was performed only a couple of times after which Berlioz said he destroyed it. A copy was found in 1991 by a Belgian schoolteacher in an organ gallery in Antwerp.

Berlioz’s music has been catalogued by D(allas). Kern Holoman so his works are labelled with “H”. This work is H 20a.

Here is John Eliot Gardiner leading the work. This can be found on the Berlioz: The Complete Works collection.

Reviving Andante

I have had a space where I’ve talked about music off and on since 2006.

Lately, it’s been off.

I’m bringing it back again, once again under the Andante label.

I’ll be posting blog articles here under the “Music” tag.

I’ll be posting clips and short things over at Tumblr:

I’ve got a separate Twitter handle for these postings here:

And finally, I’ve created a YouTube channel here:

Once again the premise is to bring a travel writer’s sensibility to the topic: sharing things I discover that I find interesting. I’ll leave the heavy analysis and critiques to others. This is all about finding interesting things and sharing them. Or at the least, writing them down so I don’t forget them.

New Geekwire Article on Microsoft’s Pluton

I’m proud to say that I’ve got a new article up on With ‘Pluton’ chip, Microsoft shows strength, and proves Trustworthy Computing still matters.

This goes deeper into the story to explain why this announcement is more significant than it may seem and what it tells us about today’s Microsoft and the continuities you can still find with the Gates-era Microsoft.