A variety of bits and pieces archived for one reason or another..
The topic is similar to the DHCP Security one in that I think it's something that's frequently underplayed and given inadequately consideration; broadly, it was a summarization of what VPNs are used for, and some architectural as well as some specific weaknesses in them, followed by a look at some ways to solve these problems and why you might want to consider something other than a VPN for remote access to solve some of the more architectural VPN issues.Slides as a PDF file
All of the slides (including the artwork) are released under the Creative Commons Attribution-Sharealike 2.5 license. Certain portions of the artwork are (c) other people (from the Tango Project and released under the same license.
The talk itself was a fairly whistlestop tour of some of the major failings of VPNs, so I've put a fairly extensive set of links online to some good VPN-related security resources here. They're worth a read if you're interested.
The DHCP Paper which my talk was based on was published by obsidis, an online security magazine founded in the wake of phrack. I've had some quite good feedback from the paper, and anyone with commentary or criticisms is more than welcome to voice them (see the contact page for some idea as to how you might go about doing this).
For some reason unbeknownst to me, obsidis changed the licensing of the paper I gave them (ahem), so for anyone who's interested, here are my (identical) versions of this, but licensed using the Creative Commons AttributionShareAlike 2.5 License, onsite, in openoffice (.odt) format and as a pdf file.
Obsidis's online, HTML-ised version of the paper is on obsidis.org here, or here as a pdf file. Obsidis's site states that "Permission to make digital or hard copies of all or part of this work for personal use is granted without fee provided that copies are not made for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.", but contrary to the Copyright Obsidis note at the bottom of the page, Obsidis aren't the copyright holder (I am), so.. take heed ;)
On the 22nd November 2005, I gave a talk to the British Computer Society's Tayside Branch on DHCP (in)security. (clicky). I've uploaded the slides here in case they prove useful for anyone. This ZIP File contains the presentation in both .ppt and .odp (oasis/opendocument) format.
Please note: The presentation is released under the Creative Commons Attribution-Sharealike 2.5 license, and that certain bits of the artwork are (c) Canonical Ltd (and released under the same license).
Please also note: This talk was originally an essay I wrote - the essay itself hasn't yet been published, but should be being released in the first edition of obsidis.org's security magazine. The essay provides a rather more comprehensive overview of the topic, and I'll stick it online here once it's been published.