security policy question
colinthomson1 at o2.co.uk
Tue Mar 5 16:54:30 GMT 2013
I would be inclined to be a nuisance and insist on a change of wording: for example to somehing like "carried out under my personal password and code while that password and code are being used by me or with my consent."
From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-bounces at chiark.greenend.org.uk] On Behalf Of Root
Sent: 04 March 2013 23:30
To: ukcrypto at chiark.greenend.org.uk
Subject: security policy question
I am not sending this from my usual account as gmail seems to have hit
various blacklists. Even though the 2 factor auth and MITM detection seems
to be a good thing in a web-mail service. So instead i am probably going to
be giving spamd on this OBSD box a good work out.
I am looking for a bit of advice.
I work for part of the NHS and was recently given a new version of our
security policy to sign.
It contains the usual i will be a good citizen, take care of the datas,
not hand out my password or transfer data onto unencrypted memory
sticks/laptops and leave them in taxis etc.
I am generally in favor of these and usually have no problems appending my
signature but the difference between the old and new policy is the
"I further understand that I am responsible for any transactions carried
out under my personal password and code"
I have no confidence that it wouldn't be trivial for someone to get hold
of my user-name and password by methods which don't involve me being
Any advice would be very helpful before i make a nuisance of myself.
More information about the ukcrypto