Yes it’s the intended design. In fairness it’s possible they’ve since changed it, I’m no longer a Sophos admin
I had a quick read on what they do and it makes perfect sense.
Replying to @martijn_grooten @GossiTheDog and
Do you have a link to the document that makes perfect sense?
Replying to @taviso @GossiTheDog and
From this https://community.sophos.com/kb/en-us/111090 I derive it's about lookups of domains against some blacklist. Given that these domains are themselves queried over DNS, there's little point to encrypt the blacklist lookups. Basic obfuscation against keyword matching could make sense.
Replying to @martijn_grooten @GossiTheDog and
This was the result I saw, which says it can contain URLs and file submissions, which does not make perfect sense unless there was some context I'm missing... https://community.sophos.com/kb/en-us/117936#SXL%20lookup%20types …
Replying to @taviso @martijn_grooten and
Also file hashes and some other stuff
Replying to @GossiTheDog @martijn_grooten and
Hmm I think that's not good.
Replying to @taviso @martijn_grooten and
It’s not unique to Sophos in fairness. You can pull some pretty funky stuff from historic DNS lookups. It’s probably net positive tho as it gives you pretty much real-time blocking, although the implementation probably needs a rework in space year 2020.
Replying to @GossiTheDog @martijn_grooten and
Sending full URLs plaintext over the public internet?
I know Avast used to do it with a chrome extension, but we told them they need to stop that or they're out of the webstore... I think they agreed to start sending them over https.
Replying to @taviso @GossiTheDog and
I think Kevin and I were talking about doing such lookups through DNS, which is extremely common.
Right, I don't care about hostnames too much, but if it's more than that - common or not - that's not cool.
Replying to @taviso @GossiTheDog and
It's not, but there's a reason why DNS was chosen: it pretty much always works. See also: DNS tunnelling.