"POODLE" is the code name for a security vulnerability recently discovered in the SSLv3 libaries used by some browsers to handle secure communication between the browser and web applications.
To read more about the nature of this vulnerability follow these links:
https://www.us-cert.gov/ncas/alerts/TA14-290A
https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack
All major browser vendors (Google, Firefox, Microsoft) have released updates to their browsers to remove support for SSLv3 and hence remove this vulnerability, however it also possible to update your web servers to prevent the vulnerable SSLv3 library being used should a user use an unpatched web browser.
How does this impact VisibleThread and Clarity Grader cloud customers
Both the VisibleThread Docs and Clarity Grader cloud servers have been patched to remove support for this vulnerable SSLv3 library. So even if you are not using a 'safe' browser (i.e. one that has been recently updated) your communication with the VisibleThread servers is not vulnerable to this flaw.
How does this impact VisibleThread Docs on premise customers
This vulnerability has less on an impact on our customer who are using VisibleThread docs behind their firewall, due to the closed nature of their network. Nevertheless for VisibleThread Docs customer running on Ubuntu 12.04 its possible to patch your server to remove support for the vulnerable SSL v3 library.
To do so follow these steps:
1. Log on to the VisibleThread server console and type:
mkdir /home/visiblethread/oldapacheconfig
2. Now backup our apache config
cp /etc/apache2/sites-enabled/000-default /home/visiblethread/oldapacheconfig
3. Now we want to edit our apache config file:
sudo nano /etc/apache2/sites-enabled/000-default
4. Once we have opened the editor we want to find the line that contains 'SSLProtocol -ALL +SSLv3 +TLSv1' and replace it with:
SSLProtocol all -SSLv2 -SSLv3
5. Now type 'CTRL-O' and hit return to save your changes, and 'CTRL-X' to exit.
6. Finally we need to restart apache to pick up the changes:
sudo service apache2 restart
Thats it!