Cyscon Security Shield warns you about phished, hacked or malicious sites in Firefox

Martin Brinkmann
Sep 14, 2015
Updated • May 10, 2016
Firefox, Firefox add-ons

If you don't know that "affair site" Ashley Madison was hacked recently, you'd probably continue to use it as if nothing happened if you are a user of the site.

Hacked sites are a big issue on today's Internet and you read regularly about hacked sites and how millions of user accounts were stolen in the process.

If you add to that phishing sites that are still a constant threat on the Internet, and outright malicious sites, you'd better make sure your browser, computer and data is properly protected.

Update: please note that the add-on has been pulled from Mozilla's add-on repository website by its author. It is unclear why the extension has been pulled. Unfortunately, there is no comparable extension available for Firefox at this point in time. You can check out the browser's security add-ons listing on the Mozilla website but a quick look did not reveal a comparable extension.

One tool that can help you if you are using the Firefox web browser is Cyscon Security Shield. The browser add-on displays warnings if a site you are visiting in Firefox is flagged.

If you visit Ashley Madison for instance, you receive the following warning in the browser.

security breach warning

This goes beyond the standard warning messages that you get when visiting known phishing or malicious sites as it not only informs you of the type of threat, but also what you should do to protect your personal information from being cracked, sold or abused.

For instance, if you are affected by a hack, you may want to change the account password as soon as possible and make sure you don't reuse the same password on other sites. If you do, you should change it on those sites as well to protect all accounts from misuse.

The icon that the extension adds to Firefox's main toolbar indicates if known alerts exist for the active site. A click on those opens the warning page that displays direct information about the issue and links to sites that may provide you with additional information.

The data is taken from the company's own PhishKiller service (and others apparently as listed on the official website of the project) which is being used by Opera Software to protect users of the browser. The add-on introduces the functionality to the Firefox web browser.

Another interesting feature that the add-on introduces is Botnet checking. It compares the active IP address of the computer against a database known Botnet IP addresses and notifies users if the computer seems to be infected with malicious software that took control over the PC.

The company notes that it does not store any data while the add-on is being used.

Closing Words

Security Shield is a Firefox add-on that adds another layer of protection to the web browser. Especially the notification of hacked and breached sites can be useful as it is easy enough to miss an announcement especially if smaller sites were attacked.

software image
Author Rating
5 based on 1 votes
Software Name
Cyscon Security Shield
Software Category

Tutorials & Tips

Previous Post: «
Next Post: «


  1. paulderdash said on May 9, 2016 at 3:49 pm

    On Firefox add-ons site: This add-on has been removed by its author.

  2. ns said on September 30, 2015 at 10:33 am

    As for that Hitman Pro software I mentioned above, here is a forum where the developers post regularly about it.

  3. ns said on September 24, 2015 at 7:36 pm

    I downloaded the addon mentioned above, and after installing it, it led me to a page showing their software Hitman Pro. I proceeded to download and install that as well, and I must say I am impressed by it, as far as protection software goes. I would not say I am an expert in this area, but the program (Hitman Pro) seems really cool for one of these.

  4. dj said on September 15, 2015 at 3:16 am

    Under .cache/mozilla/firefox/PROFILE/safebrowsing, there are a number of files for phishing, unwanted, malware, etc.
    Controlled via Preferences->Security. You’d think they’d flag AM. Then there is uBlock Origin. I thought it was interesting that uBlock Origin puts up a warning for AdBlock Plus did not.

    I’m with Tom above…

    Cyscon Security Shield says….
    “In addition, the Add-On compares your external IP address to an up-to-date dataset (last updated 15 minutes ago) of about 700.000 botnet-events and notifies you if your computer seems to be infected with trojan software.”

    It is comparing a users IP address to what? —700.000 botnet-events— I assume this is a database they maintain. If they are
    watching them can’t they stop them :-) If a user followed all the steps here,, CSS wouldn’t have an IP address to compare.

    If you are using FF Preferences->Security, uBlock Origin, noScript, and maybe even an antivirus software how many layers can you have. When you get down to it, we are all at risk from the least protected. Argh :-( I’m wondering is the Internet worth it, asis…

    1. Thorsten Kraft said on September 15, 2015 at 8:12 am

      First of all: In General a botnet only can be taking down if you control the C&C infrastructure and this doesn’t make sense when you leave the infected machines “online”. Notifying the end customer, telling that he is infected with a peace of malware is the most important part here, because his data have been stolen beforehand and he should need.

      Second: If you dont control the C&C infrastructure, you can’t take it down, but you can see and recognize bots with sensors: One sample a spam sending bot, sends spam to your spamtrap, a ddos bot attacks your systems. In these cases you cant take the bot, but you can notifiy the originator.

  5. Tom Hawack said on September 15, 2015 at 2:06 am

    What I dislike is when an add-on follows you everywhere you go on the Web, every single page opened has its url sent to a server. The server may be a perfect bodyguard like this Cyscon Security Shield I nevertheless dislike it, not to mention the possible impact on pages’ display speed. I’ve always privileged a local database to these stickers, even if the sticker is good ‘n’ strong, I just don’t like having be it a crook or a cop in my back. This type of add-on flourishes, be it for price comparisons, protection, information, comparable sites etc etc. I may be wrong, worrying for no truly valid reason, but for now I just won’t start with whatever of those followers behind me.

    1. Thorsten Kraft said on September 15, 2015 at 3:14 am

      Hi Tom,

      Thanks for your comment.

      It’s important for us, to let you know that we strictly rely on German Data Protection law (the most strictest worldwide) and that we are not storing any data. We additionally took care about the potential risk of leaking data – with the focus of giving a maximum of possible real-time protection.

      The way how we do this is completely transparent decribed in our privacy statement:

      “Whenever you visit a site after installing the add-on, a request will be made to the server with the hostname of the site (only the hostname is communicated, not the full URL) to check its vulnerability status. This status is cached locally in your browser by the add-on, and re-checked a regular intervals afterwards (this ensures you will get updates when sites are patched, but don’t leak your browsing history to the service). The server does not keep logs of IP addresses. It does cache the vulnerability status of each hostname it receives for a limited period of time for performance reasons.”

  6. David said on September 15, 2015 at 12:28 am

    Does this work the good way (downloading a copy of their blacklist DB and checking against it locally) or the bad way (uploading the URLs you visit to their server to be checked against their blacklist)?

    1. Thorsten Kraft said on September 15, 2015 at 8:04 am

      It works both: It requests information about a certain hostname (in real time) and gets back a list of URLs wich are known as malicous. If you browse, it checks the blacklist locally. The real URL is never seen by us. You can compare it with a DNS server and a DNS request.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.