The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

    • @EefvanKoos Dank je wel. Stapje voor stapje kom ik er wel. 1 hour ago
    • @EefvanKoos Heb een arts die al heel lang goede resultaten aflevert. Duimen dat het bij mij ook goed gaat. 1 hour ago
    • RT @trouw: PvdA-Kamerlid Henk Nijboer stapt per direct uit het presidium, het voorzittend orgaan van de Tweede Kamer. Hij zegt dat de kriti… 1 hour ago
    • RT @locuta: Energieprijsplafond ziet er goed uit. 1,45€ per m3 gas en 0,40€ per kWh. Met limieten van respectievelijk 1200m3 gas en 2900kWh… 1 hour ago
    • RT @DeSpeld: Grootayatollah Khamenei in coma geslagen omdat hij zijn tulband draagt als een slet… 1 hour ago
  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,914 other followers

Archive for the ‘IoT Internet of Things’ Category

The Hardware Hacking Handbook | No Starch Press

Posted by jpluimers on 2022/09/27

Want: [Wayback] The Hardware Hacking Handbook | No Starch Press

The Hardware Hacking Handbook

Breaking Embedded Security with Hardware Attacks
by Colin O’Flynn and Jasper van Woudenberg
November 2021, 512 pp.
Print Book (PREORDER) and FREE Ebook, $49.99
Ebook (PDF, Mobi, and ePub), $39.99
Hardware Hacking Handbook Cover


Some topics in the book are listed in [] Colin O’Flynn on Twitter: “A random thread about a few things that @jzvw and I packed into The Hardware Hacking Handbook (note – this twitter thread is an advertisement, don’t be tricked into thinking this will be some nice useful stand-alone content). Roughly following book order:”.


Read the rest of this entry »

Posted in Development, Hardware, Hardware Development, IoT Internet of Things, Network-and-equipment, Power User | Leave a Comment »

Fixing a classic Ring Chime that does not power on any more (no blue light)

Posted by jpluimers on 2021/12/23

A well known classic Ring Chime problem is that shortly after warranty expires, it won’t power on any more (no blue light visible at all):

[Wayback] Ring Chime Pro no power – Products / Accessories – Ring Community

Usually the built-in power supply is toast, and it is relatively easy to replace this with a USB power supply.

The below video shows how to do that for a classic Ring Chime Pro.

I’ve repeated the steps for a classic Ring Chime (model 8AC3S5-0EU0) that I got from [] Ring Chime – WLAN Türgong für Video Türklingel, weiß: Alle Produkte


Read the rest of this entry »

Posted in Development, Hardware Development, IoT Internet of Things, Network-and-equipment, Power User, Ring Doorbell/Chime (Amazon) | Leave a Comment »

BHACP021 Chime Pro (2nd Generation) Teardown Internal Photos EMC TEST REPORT Ring

Posted by jpluimers on 2021/12/16

So you do not have to do a tear-down yourself: [Wayback] BHACP021 Chime Pro (2nd Generation) Teardown Internal Photos EMC TEST REPORT Ring

Chime Pro (2nd Generation) Internal Photos details for FCC ID 2AEUPBHACP021 made by Ring LLC. Document Includes Internal Photos EMC TEST REPORT


Posted in Development, Hardware Development, IoT Internet of Things, Network-and-equipment, Power User, Ring Doorbell/Chime (Amazon) | Leave a Comment »

Shodan (via SCADA systems accessible through the internet)

Posted by jpluimers on 2021/10/27

Just 2 years ago I bumped into through [Wayback] Onderzoekers: zestig slecht beveiligde Nederlandse scada-systemen op internet – Computer – Nieuws – Tweakers and saved the entry [Wayback] Shodan (website) – Wikipedia:

Shodan is a search engine that lets the user find specific types of computers (webcamsroutersservers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.[1] This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server.

Shodan collects data mostly on web servers (HTTP/HTTPS – ports 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), IMAP (ports 143, or (encrypted) 993), SMTP (port 25), SIP (port 5060),[2] and Real Time Streaming Protocol (RTSP, port 554). The latter can be used to access webcams and their video stream.[3]

It was launched in 2009 by computer programmer John Matherly, who, in 2003,[4] conceived the idea of searching devices linked to the Internet.

It looked promising, but I was really pressed for time (having impromptu arrange all care for my mom, and became even more so when I got diagnosed with rectum cancer later that year), so did not pay much attention apart from registering.

Last year in the midst of my chemos I noted [] Nate Warfield on Twitter: “ The latest Citrix vulnerability looks bad but there might be time to fix them before PoC comes out. The @shodanhq query above might help. ( has more details)… “ (I think via @jilles_com) , so put it on my list of things to look into a bit further.

Since then, I found out a lot of people dislike Shodan and want to blacklist it because they see it as a threat. It feels like people think the internet is like the [Wayback] Ravenous Bugblatter Beast of Traal | Hitchhikers | Fandom

The Ravenous Bugblatter Beast of Traal is a vicious wild animal from the planet of [Wayback] Traal, known for its never-ending hunger and its mind-boggling stupidity. One of the main features of the Beast is that if you can’t see it, it assumes it can’t see you.

(This by the way is one of the reasons for Towel Day – Wikipedia)

Anyway: a few lists of Shodan IPv4 addresses and hostnames, and means to maintain them for the ones interested:

Reality is that the internet is much smarter, so if you block Shodan from seeing you, others from the internet still will and if you have vulnerable services, one day they will be abused. For instance, this personal anecdote:

I forgot I had a port redirection on my router for RDP access a non longer existing Windows system any more. I forgot that this Windows machine had no fixed DHCP-lease while in use (it kept it’s lease as it was always on).

When that machine was long gone, another temporary Windows machine obtained the same internal machine (the router had been rebooted and after reboot hands out previously handed out IP address), and boom: the new Windows machine was bombarded with RDP logon requests.

In the end, the new Windows machine was not compromised, so I was lucky as it could have been.

Back when registering, sent SMTP mail via, so you might want to not blacklist it if you blacklist at all (incidentally, when writing the IP address  servicing that hostname was hosted in The Netherlands: [Wayback] – – Netherlands – IP Volume inc – IP address geolocation).

It is good to think of you use Shodan, as not all usage might be legal where you live or where you travel to.

Some discussion in Dutch on the risks of using Shodan are in the above link. It boils down to:

  • Searching should be OK
  • Accessing the devices found can be totally illegal

That’s basically with anything you find on the internet, for instance by Googling, so nothing new here.

I mainly use Shodan to see if I have any known vulnerabilities exposed. There are not that many ports open, but given the anecdote above, I might screw up again and not be so lucky.

This article has a balanced explanation of Shodan, how you use it, and how to stay safe: [Wayback] How to remove your device from the Shodan IoT search engine.



Posted in Development, IoT Internet of Things, Network-and-equipment, Power User, Security, Software Development, Web Development | Leave a Comment »

Shelly Shop USA

Posted by jpluimers on 2021/09/01

IoT power switching equipment at [WayBack] Shelly Shop Europe:

Via: [WayBack] Tweakers Gift Guide 2019 – Smarthome – Koophulp – Tweakers


Posted in Development, Hardware Development, IoT Internet of Things, Network-and-equipment, Power User | Leave a Comment »

%d bloggers like this: