University of Colorado at Boulder  
Map A to Z Index Search CU Home
ITS logo
Information Technology Services News | Search
ITS Docs

IT Security Topic — Phishing

 


 

Clarifying the role of "Active X"
By Ken Rumer

ActiveX controls are only available in Internet Explorer on Windows systems. This feature allows the installation of software by companies if you deem the publisher to be trusted and the software to be necessary for greater functionality on your computer.

ActiveX controls should not immediately be considered dangerous as many of us use them everyday. Macromedia Flash, Shockwave, Adobe Acrobat, and Microsoft Windows Update are examples of these programs. ActiveX closely follows the "Plug-in" paradigm of other browsers, with the exception of requiring a download.  ActiveX also provides an added security window showing that the authenticity of the application was verified. 

The key here is trust: If a security window pops-up and asks you to install software, you should research who is attempting to install software on your computer and only grant the software the right to install if you will gain necessary functionality. The ability to download and install software is cross-browser and cross-platform; in fact ActiveX and Plug-ins have never been considered a vulnerability.

Here's an example of the security window:

Contact Information
Campus IT Security Office
(303) 735-HELP
security@colorado.edu

   Did You Know?
Phishing is a scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security Number, passwords, or other sensitive information. 

Quizzes

Is it Phishy?
Take these quizzes to see how well your phish detector works. Please note: these links will take you to a non-CU site.

Phishing IQ Test
Test Your Phishing Skills


Useful URLs
Check out these other web sites to learn more about phishing:

Anti-Phishing Working Group offers consumer information on how to avoid phishing scams, what to do if you think you're a victim of one of these scams, and examples of recent attacks (as well as more than 100 screenshots of specific phishing scams).
A Consumer's Guide to E-Payments
How Not to Get Hooked by a ‘Phishing’ Scam
Is Someone "Phishing" for Your Information?
Microsoft Security Solutions
PC World (search its news site for info on phishing, pharming, and other online dangers)
CERT
Gartner Security & Privacy

       
       Support | Training | Facilities | About ITS | ITS Home
 
IT Service Center, 303-735-4357 (5-HELP from an on-campus phone), help@colorado.edu
Send comments about the web site to itsfeedback@colorado.edu
ITS Policies & Guidelines

Last reviewed: August 29, 2006