The University of Rhode Island Computer and Networking HelpDesk is the one-stop center for all tech-related issues at the university. We provide support for any issue related to eCampus, Sakai, E-mail, Internet connections, wireless, smartphones and tablets, laptops, desktops, and more.
Follow us on Facebook or Twitter for updates and urgent alerts.
Petya Ransomware Warning!
The MS-ISAC is aware of new ransomware activity similar to WannaCry using the Petya ransomware. Petya encrypts the Master File Table (MFT) for NTFS partitions and overwrites the Master Boot Record (MBR) with a custom bootloader. The ransomware demands an average payment of $300 in bitcoins. According to reporting by security researchers, Petya leverages the EternalBlue exploit that was made public in April by The ShadowBrokers and used by WannaCry to spread between systems on a network. EternalBlue utilizes a known SMB 1.0 vulnerability affecting most versions of Windows. Systems that have already had Microsoft’s MS17-010 security patch applied are not vulnerable to the EternalBlue exploit used by Petya. The MS-ISAC originally released a cyber security advisory on March 14, 2017, detailing the specifics of this vulnerability and recommending that MS17-010 be applied. Patches that mitigate the vulnerabilities have been made available through manual download for end-of-life Microsoft Windows operating systems that no longer receive mainstream support.
The initial propagation vector for Petya remains undetermined. The MS-ISAC monitoring service deploys multiple signatures for detecting the EternalBlue exploit.
The MS-ISAC has received no reporting indicating a successful Petya infection against an SLTT government entity.
According to the email provider Posteo, the cyber criminals were using a Posteo address for decryption key delivery, and this address has been disabled.
- Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
- Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
- Microsoft Windows Server Core Installations 2008, 2008 R2, 2012, 2012 R2, 2016
- Microsoft Windows; XP SP2/SP3, Embedded SP3, 8 RT
- Microsoft Windows Server 2003 SP 2
MS-ISAC recommends organizations work to determine if older versions of the identified software are currently running on systems and develop a proper migration plan to ensure software is upgraded appropriately.
- Blacklist the execution of perfc.dat as well as the PSExec utility from Sysinternals Suite.
- Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
- Block ingress and egress traffic to TCP and UDP ports 139, 445, and 3389 at your demarcation point.
- It is advised to immediately remove un-patchable hosts from the network
- Disable SMBv1 on all systems and utilize SMBv2 or SMBv3 after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially those from un-trusted sources.
- Apply the Principle of Least Privilege to all systems and services.
DIRECT LINK TO MANUAL PATCHES: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
Supported Anti-Virus Software!
New Wireless Authentication!
Student Workers Needed for Helpdesk!
E-Campus Emergency Reset!
Multiple Ransomware Infections Reported!
US-CERT has received multiple reports of ransomware infections in several countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.Users and administrators are encouraged to review the US-CERT Alert TA16-091A to learn how to best protect against ransomware. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).!
Three Ways To Improve Google Chrome Performance On The Mac!
Check it out here!
URI Founders Day on the Quad Live Streaming Event!
A brief speaking program will begin at 3:15 p.m. on the Quad, followed by festivities including hayrides to Watson House tours, zip-lines, animals from Peckham Farm, games, historic clothing exhibit, music by Roger Ceresi’s All Starz, and complimentary food including hot dogs, kettle corn and Del’s lemonade! Live broadcast by WRIU.
First 125 guests will receive a free T-shirt! Free and open to the public. Join South County’s own 8-piece horn-driven band, Roger Ceresi’s All Starz, that will be on the Quad for this big event. High-energy R&B and rock ‘n roll for your soul!
Watch the live stream at stream.uri.edu.
Yikes! Time for Final Exams!
As we head into Finals, remember that the URI Helpdesk is open M – Th 8am to 9pm, Fri 8am to 5pm, Sat 10am to 4pm and Sun Noon to 6pm. Please come see us or call us. If not, send us an email or contact us here! Good luck everyone!
ITS Training Sessions!
ITS offers a wide array of training sessions (formerly called Short Courses) throughout the year. Our next wave has recently been announced and can be found here.
Team Drive for Google Suite Available Monday, April 17!
On Monday, 4/17, Team Drive for Google Apps for Education will become active for users with @uri.edu and @my.uri.edu Google accounts. Team Drive is an easier way to use Google Drive in a team environment. It allows all members of a designated team to have greater control over files. If you are interested, please watch the linked video for more information.
User Self-Service Password Recovery for Google Apps!
User Self-Service Password Recovery is now live for Google Apps, both @uri.edu and @my.uri.edu. This new feature allows users to save a recovery phone number and/or email and use them when they can not remember their password.
Are you a Technology Professional working on campus?
Do you support end user students, faculty or staff on computer systems, networking or applications?
Come join the URI University Technology Network (UTN).
Interact with central IT and distributed technologists to share knowledge, ask questions, and improve our service to the community.
To get started simply fill out the form here.
Google Suite Account Suspensions!
There have been an increased number of suspended Google accounts this morning. The team is looking into how to fix it on an Administrative level, but in the meantime please call 874-HELP and we can reactivate them for you. Sorry for the inconvenience.
• Usernames and Passwords – call 874-HELP
Need help setting up a Sakai course?!
Take a look at this video!
Think a server may be down?
You can check our monitoring page by clicking here, or scrolling to the bottom of this page.
Scanner/Printer mail errors
If you are receiving errors on your networked scanners or printers that send e-mails, please note that the outgoing mail server in the printer settings must be changed to smtpserv.uri.edu. Also, the printer needs to be added to a list of allowed devices. If you are using the correct smtpserver, and you are still having trouble, please call 874-HELP.
Phishing Attempt Advisory!
In recent days, we’ve learned of a new phishing attack that attempts to draw the attention of recipients with the subject line: “URI Help Desk Center”.
If you receive a message fitting this description, do not click on the link to validate your account, close the message immediately and report it as spam. Using the Google Mail Web Interface within the message, click on the down arrow to the right of the ‘reply’ button and select ‘Report phishing’. The message will be sent to the Google Gmail Team immediately for analysis and filtering.”
Our email traffic is filtered by the Google Message Security service, which provides you with protection against dangerous viruses and spam. However, some spam may occasionally get through to your inbox, so please use caution.
Phishing was a term originally used to describe email attacks that were designed to steal your online banking username and password. However, the term has evolved and now refers to almost any email-based attack. Phishing uses social engineering, a technique where cyber attackers attempt to fool you into taking an action. These attacks begin with a cyber criminal sending you an email pretending to be from someone or something you know or trust, such as a friend, your bank or your favorite online store. Their goal is to trick you into taking an action, such as clicking on a malicious link, opening an infected attachment or responding to a scam. Cyber criminals craft these emails to look convincing, sending them out to literally millions of people around the world. These attackers do not have a specific target in mind, nor do they know exactly who will fall victim. They simply know the more emails they send out, the more people they may be able to fool.
As a reminder, Free Security Awareness Training is available for all faculty and staff. This Security Awareness Training will not only help us better identify these types of Phishing Emails but also will provide us with information on how to protect our families from Cyber Security threats. To request a free account please contact Michael Khalfayan.
The following link will show you phishing messages we have received: http://security.uri.edu/thetank/
e-Campus Password Hint Change!
In the near future you will be receiving an email that says the following:
Our e-Campus system has detected that your password hint needs to be reset. Knowing your password hint allows you to reset your e-campus password without contacting the Help Desk. Please logon to e-Campus Student/ Faculty-Staff and use the following navigation to reset your password hint: Main Menu > Change Password Hint This is not SPAM. If you have any questions please call the URI Help Desk at 874-help. Thank you.
Please follow the instructions and update your password hint.
Spear Phishing Warning!
If you receive an email that looks like the following please delete it immediately and don’t click on any of the links:
From: Unversiity Of Rhode Budget and Financial Planning.
Date: Mon, Oct 10, 2016 at 1:40 AM
Subject: Important Info; Faculty/Staff
This is to notify you of our latest Financial Behaviors Before and After the Financial Crisis: Evidence from an Online Survey
Download the attachment, login and view the last senate resolve on staff salary cut down.
Thank you and kind regards.
The Budget & Financial Planning Office at the University of Rhode …STAFF. Linda Barrett, Director; Cheryl Hinkson, Assoc.
web.uri.edu/budget/ Tel: 401 874-5992 University of Rhode Island, Kingston, RI 02881, USA 1.401.874.1000—
Turning Point and MacOS Sierra Warning!
Via Turning Technologies:
Dear Valued Client,
With the upcoming release of Mac OS Sierra, we want to make you aware that some third-party software applications for Mac may experience short-term issues until future updates can be released. Along these lines, our development teams are preparing an update to TurningPoint Cloud Mac that will work seamlessly with the latest version of Apple’s OS. However, our future release of TurningPoint Cloud Mac is dependent upon the release of Sierra and cannot be finalized until the new OS is available.
We anticipate the TurningPoint Cloud Mac update will be available within 60 days of the OS release. In the meantime, to ensure proper TurningPoint Cloud functionality, we strongly recommend that Mac users wait to update their OS until our update to TurningPoint Cloud Mac is available.
Please contact Turning Technologies’ support team for any additional information at 866-746-3015.
Refreshing Your Browser Cache!
Now and again, you may encounter a problem in your browser where a page won’t load properly, or a password you think you know isn’t working, etc. Often times, refreshing the browser cache does the trick to fix normal everyday issues. This page explains step by step how to do it!
Google Tips and Tricks!
The Google Gooru tweets some of the best ideas and how-to videos for Google Apps.
For a full list of our services, please click here.
Check to see if a server is down!
(Only works on the URI Network.)