Last edited by Thorn; 02-19-2010 at 06:16 PM. Reason: typo
Stop the TSA now! Boycott the airlines.
As yes, Im piling on the "dont agree to any test" bandwagon as well. Every pen testing contact I have seen has excluded DOS attacks, and you always want to prohibit the testers from taking destructive actions like deleting data or even removing log entries. There are ways to prove that these things can be done without actually doing them (for example, if you can demonstrate you have system/root privileges on a box you can normally take the ability to delete data/logs for granted)