security policy question

Martin Hepworth maxsec at
Tue Mar 5 11:29:12 GMT 2013

I suggest this is trying to make you think twice about sharing passwords
and the like, but it does seem poorly worded and under evidence they'd have
to prove it wasnt you anyway (innocent until proved guiltly).

I see your point though, esp if you have quite a powerfull account with
access to lots of sensitive data.

Martin Hepworth, CISSP
Oxford, UK

On 4 March 2013 23:29, Root <root at> wrote:

> Hi All,
> I am not sending this from my usual account as gmail seems to have hit
> various blacklists. Even though the 2 factor auth and MITM detection seems
> to be a good thing in a web-mail service. So instead i am probably going to
> be giving spamd on this OBSD box a good work out.
> I am looking for a bit of advice.
> I work for part of the NHS and was recently given a new version of our
> security policy to sign.
> It contains the usual i will be a good citizen, take care of the datas,
> not hand out my password or transfer data onto unencrypted memory
> sticks/laptops and leave them in taxis etc.
> I am generally in favor of these and usually have no problems appending my
> signature but the difference between the old and new policy is the
> following:
> "I further understand that I am responsible for any transactions carried
> out under my personal password and code"
> I have no confidence that it wouldn't be trivial for someone to get hold
> of my user-name and password by methods which don't involve me being
> irresponsible.
> Any advice would be very helpful before i make a nuisance of myself.
> thanks
> mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ukcrypto mailing list