Straight from Microsoft’s website comes a stern warning about a security hole that apparently can happen by simply going to a bad website. Make sure your Windows system is promptly updated, like now!

The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands

Keep an extra vigilant eye out for suspicious PDF files. Adobe has discovered a security hole and they plan an update in Jan 2012, more than a month from today.

Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1)

Any installed app that has “Full Internet Access” permissions (which you would think is most if not all apps as they typically use a Net connection for their functionality) also has access to a lot what we might regard as private data including phone and sms log data (including phone numbers)

Many HTC phones have been identified as affected, including EVO 4G, EVO 3D, Thunderbolt, and Shift. Other HTC phones may be vulnerable too but that has not been confirmed. You can get in-depth technical information from “Android Police“

Right now there is no patch or workaround. My recommendation is that you only install or run “name brand” apps that wouldn’t unnecessarily have an interest in violating your privacy

I’ve got a Sprint EVO 4G phone myself so this article is of particular interest. I’ve not gone into the details but I will, and I suggest you do too! It seems that there’s a good chance of a security risk if you’re connected to a public, unsecured wifi network. So until this gets fixed, Just Say No to free unsecured wifi and continue using your 3G/4G network for connectivity.

The vast majority of devices running Google’s Android operating system are vulnerable to attacks that allow adversaries to steal the digital credentials used to access calendars, contacts, and other sensitive data stored on the search giant’s servers, university researchers have warned.