Definition: Pseudo: Not actually but having the appearance of; pretended; false or spurious; sham.
Security: Freedom from danger, risk, etc.; safety.
With those definitions, pseudo-security is a method of securing something that looks secure, but is in reality insecure. A real life equivalent is having a non-working camera in your shop. While these methods prove effective for the most part, the bite hard the day someone sees though it.
I love the comic Calvin and Hobbes, I was on their site reading comics. To my dismay, you must pay to read ones older than thirty days old. I have no problems paying for good services, but I noticed some flaws in their method of keeping the client from reading older comics. Here is a video in how to completely bypass it.
The comic is in view, they did not conceal it on the server’s end. This means that the image has been sent to the browser and they are merely hiding it using client side visuals. In the olden days, it would be really hard to bypass this, but not in this day and age with lots of really cool firefox gadgets. All it took was firebug to delete three divs and boom, I can access the page. Moral of the story:
The other moral of the story:
Even large companies make mistakes; no matter how large you are you are at the mercy of your web developers. The former web developer of the company I work at is on a high seat with RETS (Real Estate Transaction Standard). He is an awful developer who really does not know what he is doing. However, he is a master talker and hires people who know less than him. They at this time have no real idea about this; they think he is an expert. All it takes to become a big shot web developer is smooth talking and the reviews of a manager who may not know that the application you built was crap. Never assume just because the company has money that they have a good site.
What could they do right?
The one and only way to truly conceal data from the client is to not give it to them at all. The script should have a server side check that will not display the comic if they are not paying members, they should not use client side blocks as they can be removed. However, what should be removed is the person who though up this pseudo-security method. It took me about thirty second to think up how to bypass it and two minutes to find a few different ways of doing it. If you have people who stand on security methods like that, you need someone else. Not because of this alone, falling like that shows a lack of real experience in how a cracker will approach your site, therefore I can not imagine it is the only flaw in the site and code.
Just a security lesson for your web development endeavors. Best of luck and don’t be caught with your pants down; be secure