• Few users of seals are fully aware of their vulnerabilities.
• Most (all?) seals can be defeated with rapid, low-tech attacks.
• Many of these attacks can be easily detected if the inspector knows exactly what to look for in a particular seal. Inspectors rarely have this information.
• Seal cost is not a good predictor of vulnerability.
• Most tags & seals can be dramatically improved with simple, inexpensive changes in the design and/or how they are used. The latter includes procurement, storage, installation, inspection, removal, disposal, and training.
• Intrusion alarms, 2-man rules, and physical security are often used in conjunction with seals. These should NOT, however, be used as an excuse to avoid optimizing seal security, especially when it can be done simply and inexpensively (as is often the case).
• Effective vulnerability assessments include suggesting counter-measures.
• Field Readiness Testing, Materials Testing, and Environmental Testing of tags and seals are not Vulnerability Assessments. Security managers often fail to appreciate the difference.
• Simple physical attacks on high-tech devices or systems are often highly effective. This is because the users or developers of such systems often focus on the wrong issues, forget about the fact that the system must physically couple with the real world, and/or are over confident in high-technology (the "Titanic Effect").
• There are many interesting possibilities for new and improved tags and seals, based on using the good features of existing products & protocols, plus novel ideas and technologies.

Why High-Tech Security Devices Are Usually Vulnerable To Simple Attacks

• Still must be physically coupled to the real world.
• Still depend on the loyalty & effectiveness of user’s personnel.
• The increased standoff distance decreases the inspector’s attention to detail.
• 
  
  
  
• Many more legs to attack.
• Making the high technology widely available to users also places it in the hands of the “bad guys”.
• The high-tech features often fail to address the critical vulnerability issues.
• Users don’t understand the device.
• Developers & users have the wrong expertise and focus on the wrong issues.
• The “Titanic Effect”: high-tech arrogance
•