Why security will never be an overinvested sector or "People are morons"

Link: Thwarting Identity Thieves.

Since 1995, over $954 trillion has been invested in the creation of over 543,000 venture backed security companies.  Yet, no one has solved the two fundamental problems with computer security:

1) People are morons.

2) People are in charge of information security.

I cannot believe that, in 2005, Citigroup is sending computer tapes with the personal information of 3.9 million customers, including Social Security numbers, via UPS.  Fuckin' UPS!!  I mean, I know those brown trucks look pretty official and all, but...   Isn't there a way to send this over... hmm... what's that thing called...    oh yeah, the INTERNET. 

The thing you gotta wonder is whether or not they figured out that the package was gone because an admin was tracking it via their tracking number.  I'd love to see that screenshot:

4:43PM: Package picked up at Citigroup.

6:53PM: Package arrives at JFK.

7:02PM: Package x-rayed and subsequently opened with a box cutter by underpaid airport loading guy.

7:28PM: Empty cardboard box loaded onto plane.

Status:  Fucked.