Hacker club reverse engineers German government trojan found in the wild

By tiagosilva29
in Back Page News

 Share

Recommended Posts

Grand Master

tiagosilva29

Posted
Posted
The largest European hacker club, "Chaos Computer Club" (CCC), has reverse engineered and analyzed a "lawful interception" malware program used by German police forces. It has been found in the wild and submitted to the CCC anonymously. The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet.

0zapftis.png?1318099563

Even before the German constitutional court ("Bundesverfassungsgericht") on February 27 2008 forbade the use of malware to manipulate German citizen's PCs, the German government introduced a less conspicuous newspeak variant of the term spy software: "Quellen-TK?" (the term means "source wiretapping" or lawful interception at the source). This Quellen-TK? can by definition only be used for wiretapping internet telephony. The court also said that this has to be enforced through technical and legal means.

The CCC now published the extracted binary files [0] of the government malware that was used for "Quellen-TK?", together with a report about the functionality found and our conclusions about these findings [1]. During this analysis, the CCC wrote its own remote control software for the trojan.

The CCC analysis reveals functionality in the "Bundestrojaner light" (Bundestrojaner meaning "federal trojan" and is the colloquial German term for the original government malware concept) concealed as "Quellen-TK?" that go much further than to just observe and intercept internet based telecommunication, and thus violates the terms set by the constitutional court. The trojan can, for example, receive uploads of arbitrary programs from the Internet and execute them remotely. This means, an "upgrade path" from Quellen-TK? to the full Bundestrojaner's functionality is built-in right from the start. Activation of the computer's hardware like microphone or camera can be used for room surveillance.

The analysis concludes, that the trojan's developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court. On the contrary, the design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer.

"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice ? or even desired," commented a CCC speaker. "Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."

The government malware can, unchecked by a judge, load extensions by remote control, to use the trojan for other functions, including but not limited to eavesdropping. This complete control over the infected PC ? owing to the poor craftsmanship that went into this trojan ? is open not just to the agency that put it there, but to everyone. It could even be used to upload falsified "evidence" against the PC's owner, or to delete files, which puts the whole rationale for this method of investigation into question.

But the trojan's built-in functions are scary enough, even without extending it by new moduls. For the analysis, the CCC wrote it's own control terminal software, that can be used to remotely control infected PCs over the internet. With its help it is possible to watch screenshots of the web browser on the infected PC ? including private notices, emails or texts in web based cloud services.

The official claim of a strict separation of lawful interception of internet telephony and the digital sphere of privacy has no basis in reality. [NB: The German constitutional court ruled that there is a sphere of privacy that is afforded total protection and can never be breached, no matter for what reason, for example keeping a diary or husband and wife talking in the bedroom. Government officials in Germany argued that it is possible to avoid listening in on this part but still eavesdrop electronically. The constitutional court has created the concept of "Kernbereich privater Lebensgestaltung", core area of private life. The CCC is basically arguing that nowadays a person's laptop is intrinsically part of this core area because people put private notes there and keep a diary on it] The fact that a judge has to sign the warrant does not protect the privacy, because the data are being taken directly from the core area of private life.

The legislator should put an end to the ever growing expansion of computer spying that has been getting out of hand in recent years, and finally come up with an unambiguous definition for the digital privacy sphere and with a way to protect it effectively. Unfortunately, for too long the legislator has been guided by demands for technical surveillance, not by values like freedom or the question of how to protect our values in a digital world. It is now obvious that he is no longer able to oversee the technology, let alone control it.

The analysis also revealed serious security holes that the trojan is tearing into infected systems. The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the trojan are even completely unencrypted. Neither the commands to the trojan nor its replies are authenticated or have their integrity protected. Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan, and upload fake data. It is even conceivable that the law enforcement agencies's IT infrastructure could be attacked through this channel. The CCC has not yet performed a penetration test on the server side of the trojan infrastructure.

"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities", commented a speaker of the CCC. "The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'".

To avoid revealing the location of the command and control server, all data is redirected through a rented dedicated server in a data center in the USA. The control of this malware is only partially within the borders of its jurisdiction. The instrument could therefore violate the fundamental principle of national sovereignty. Considering the incompetent encryption and the missing digital signatures on the command channel, this poses an unacceptable and incalculable risk. It also poses the question how a citizen is supposed to get their right of legal redress in the case the wiretapping data get lost outside Germany, or the command channel is misused.

According to our hacker ethics and to avoid tipping off criminals who are being investigated, the CCC has informed the German ministry of the interior. They have had enough time to activate the existing self destruct function of the trojan.

When arguing about the government authorized infiltration of computers and secretly scanning suspects' hard drives, the former minister of the interior Wolfgang Sch?uble and J?rg Ziercke, BKA's president (BKA, German federal policy agency), have always claimed that the population should not worry because there would only be "a handful" of cases where the trojan would be used at all. Either almost the complete set of government malware has found their way in brown envelopes to the CCC's mailbox, or the truth has been leapfrogged once again by the reality of eavesdropping and "lawful interception".

The other promises made by the officials also are not basis in reality. In 2008 the CCC was told that all versions of the "Quellen-TK?" software would manually be hand-crafted for the specifics of each case. The CCC now has access to several software versions of the trojan, and they all use the same hard-coded cryptographic key and do not look hand-crafted at all. Another promise has been that the trojan would be subject to exceptionally strict quality control to make sure the rules set forth by the constitutional court would not be violated. In reality this exceptionally strict quality control has neither found that the key is hard coded, nor that the "encryption" is uni-directional only, nor that there is a back door for uploading and executing further malware. The CCC expressed hope that this farce is not representative for exceptionally strict quality control in federal agencies.

The CCC demands: The clandestine infiltration of IT systems by government agencies must stop. At the same time we would like to call on all hackers and people interested in technology to further analyze the malware, so that at least some benefit can be reaped from this embarrassing eavesdropping attempt. Also, we will gladly continue to receive copies of other versions of government malware off your hands. [4]

Links:

[0] Binaries

[1] Analysis of the government malware (German)

[4] BigBrotherAwards 2009, Category Business: companies selling internet and phone surveillance technology

[5] 0zapftis (at) ccc.de use the PGP key below:

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v1.4.9 (Darwin)

mQINBE6OIJYBEADA8V/CA60MHsizwIEk46q3Tw2/DceWdN5jpqr8xD00vhjLMjBx

kFgbZdou6yrYnZbrTC72dQbqj/e0KJaj5gmDjzEb29GKxFRbZkhjMSxYPBb4rawJ

MRQdv/o/Olsf7ucLCEMRjuNxxczpo5dayDZC1yT4P/PcERscOM1RIOkM+Iaqde4v

ApEZavNMrXBlV/s/cQ6gMnzqyzv9dNRaUN8BbNWufWmvue22DUR2kUpsEWYfXBe6

o70k8nxe91uHBDnfjL12n2E7kI79+umniOdXYPQgfzBLTnAgCjHjt+Xy75LOiYXt

ea7KPaGZoe9RuV+gAcK0G+NElDF7PjeuHbsV3YLXuQ7wjmbsn6qjpxl2E6C+vY30

29+4Si7FgwKLlJ/NVrAg90OGEQ13BvPGFUq5rES/ILs31fa7jcIXKaF+ADcMs9o3

ymXQF/wU1ENyUMtLsEz9DZ8yKgLVmLlieVmaiMPaJXSFYyHTccJoJ48QfYQARuMa

OR+bMhW/wWoubIKgj1tL35GF9fJ0hYpwtMG+Xfyi/JG8fJHV8J01sKG5w/UaBAY1

T4quFIHcdMjoRXwtExCsDjyqHRJAakL4WZEjulb3ReGVfuk+pVXTG4Hsp3E8oVKT

v62ahMg7X5ugek232DwUTzfU77sNkcTiuXokPMswbEIfp5zmm9pUhalcnQARAQAB

tDcwIFphcGZ0IElzISBSZXZlcnNlIEVuZ2luZWVyaW5nIElucHV0IDwwemFwZnRp

c0BjY2MuZGU+iQI+BBMBAgAoBQJOjiCWAhsvBQkHhh+ABgsJCAcDAgYVCAIJCgsE

FgIDAQIeAQIXgAAKCRDwbQurk8EwoEHBD/4vkbPzdBw9Ra7IBJCFe6aTUlw4qskU

WM+2hyC06wOWgZM8KiGABFabInJ+2krc+humAuRJoZPySoHyOi/QY9ND033FgkhX

Vea9EJpZRm0tJmbFMlFLzwT9fZ5r7GL0xLrQKoMEK3vUd0b3xQBqeaFEpB+VfU8Q

vKmgTG4dO8pYKVe3/MnjAkS6fUUFOsl9QvHCW8+u2Qn4fl7mUygBTLfK4y2KDruh

rh3EjeSuSaMdkNlXLDyEI5Hxttn0fTDp8K2Sh15qaeR1uMrwtxPHZRuSUw7jZ7xH

24eUjJ4ipnwLMqeTNiL5JBwzQIRp9pb1cjiNuhxUCT4tGBPTeHgPR2MeEbBfFuYJ

JnSEEO8VRStZXWWAKHj1ku8+YQ90SmFloRAbjlrkZpJn+vrj66wyGyzVbe1bD3Gy

jokwVEhcierUaSpUq9ChBIB+vbMQZlchUfIGZPln/WOuwSgo2L6CNTfcA/6FvHYu

+2Mg5VoeHOxQm28ZXjqCsODx3+j476S9VlHIDsBRmqPbOUoEzY2VIAyDzTlQE5Kn

kBGp8FXk68QYVSS+ZI00cLtoDZlDD22scjn6qDk1y6oHuUnP9UoIF8t2kR1j9xG3

FKrSNufwivgkZ3Fr2n+s9jYMom8YfZi15coNntyYSo7WQOgA29Ssfu8dfG56cdUc

WPrcjLfEcjvPMrkCDQROjiCWARAA4dsiBRvVSRN0YFW8iYJNqH0jzu/CwbjsQAOt

N6xM8OrjEsu3y82q0g/NryJJ4cVq3kl4r+WDoCwD2wR+oT4oMmg5jWtrs8lSikaG

6Gl1W8e81zkyvDol8+BQLFEDxyyOZ313rQznP8RsBzk8u8x1YBPNyeHEJMF3dusm

HUgQW2DY/eUUZQJARb9CHp2DTduTlQbkTPeDnFm6lrvduJyee98QeP+nCw9vTok0

uWc5o9p4VgY+koX10E++iFRlz9rwNzFT2vHPm5MeG1ZITbWjS17ZQNHsgbOdMDUk

08zQOYl29N4IuXRD1zRhs96oDwuxlo1rUE7A8vtf/6S6RETxkS7ykH1csCWrw6s/

CjaioVVoyWIEvCzn60P8kUCsLJCiXTE4rcdaY9eysM1jeNC2t7BpmuY6gSqBwM5m

0VfL86mCIZcE0AaxtrifjjwG8hlnlodyD0Ugi9tO87rPq204wplTMm6iZblKya5a

vzQdKckXOXd4DBSB1fKoZBWAFIuZ2asHa57CsZLXAsM1a1b/eGUIilBN6/bXboum

Gv2q+yF91kEP4tv+5fWLRJOgyUOiljB4g0JN1n9JfnM2iHaX7wcFh+jCnpX+1xZJ

E8urrUEPpt4IOCHB/mJAk2rCrCY69WWJTjuaXIc178TioWDWr+eDuDyENa9pbTCx

5paebg8AEQEAAYkERAQYAQIADwUCTo4glgIbLgUJB4YfgAIpCRDwbQurk8EwoMFd

IAQZAQIABgUCTo4glgAKCRBebJ87j17H3iJID/9UVR9HIxmQtQPADWXZxjnNePw1

32O1+Syd9j9JgYczHooudki6mx55ydFHEyu4oDJ7az0UiV92GEl7XV3iwBppf9Ja

WvZ5WvWMX4F/ZmmDWENXqQeniqIUlKa9XmA9jhYAEwy7198pbD/qsGBMioDVai0f

GTYUiBwHt2spu1uopx30spK/RwBKvbH6cbtGmOvfpXmgsFagtg6kPZPbfGZ3Iumh

yWHP4zd/+VcAOkjJv844Nuloh4VMPfwiInakG9bZzg4Ky5kGqB+Vl2WCZSOiVVGo

C4JmdMO7IMkBPMRNXQw23rhWWJVjsnF+nT/TnDlnH7g067IZ5YOZftwSun78Cjb1

sRmwCaj9iNbTwEUnES8Clni/AAirYvXs0Isu67WN1lJWUSwAavs6Thswhvpnrsq7

v0svvtmOU1pZVmYGmOFn8xAC+iK1PHFL4BH8NEhkiCMqBfH0pGIjl/hZk60r6Gtf

BNB0Fjt/HOQYVHNaQvbpPhWCLYxeVEUfMk9rRE1FlyzYGhBa/pG5ECoJGNQGriGC

bB4hzSmwjVqaP7N3qzfeP6xQT4y5A7Xe2zN9FnOO8+vjQ6hMMX4Ch4YDaxuHS3C7

4eQTgmJ9CWERuUBz/AdEobY+sakH+2PHN2eBgwbLBX5ti3YKy1L7DE3EZibKwWm5

D4C9KHCwUpT/unjQ9gM9EACHIFOBbxZF/2o4w6VdrsYYBUcihaEtDMc9sywNTwBF

jsxbJM4GHvtwlJlunMp1Iz62f9dL+hAUe76UCq2i7W9eVlT8Pp3xR0+z2Ini1PbG

nfgpsbI9q0ncUlGyo+o/fVNASQqqvfGsfU6SuKapwvMdqK6p7G4y+1XodRHChzli

v9WV2GRXNSp5jTuU7FZzCUaHilIU1Xh9P2eo/5/QwTvxkHdEssbCtK6hsWNS/ot9

9IRRB5x3Sr2pnb8JiiZrvwh2YlqaD0cs0gViA5gZXTsOVb6IzcaMgnG4M4xu+fgz

U+G9jHbwWj9UHcEUPEl5rRmrMTpeu5f2xRZddlbDW1QKREATXZkROsP3GLmXMESe

af7BF3+JtUTajYjxQxYwW6hQLkGc4wsIO4nWDFbk/lBh9T25mzTpo54WblDEq9yQ

K83zwI2BC3NFqRoZ9IrC3wJsic5T0/bIKALFXo5quK4pE7xt2+c6VQosymeWBk5q

Exy6jS1C6RjZGF4qXVPznejivZ9jEv4xUh+BXSMKnZCN9SZIzhWU3K6aqacY8LVm

mWE4MA8GJ0dUiw+egWacFBJFRg1I6p1NbuUIlU1WdGne2hyz7djbFofLay15x1Lo

wYTTAi2gmp8vxHoZoI30dCJZTtVKb1vIEOE9Tz5Cl/UOVMxtqANGr9/GdVLPY2NB

ZQ==

=jS/I

-----END PGP PUBLIC KEY BLOCK-----

Source: CCC
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft brings Claude to its own Azure infrastructure, powered by Nvidia GB300 Blackwell

      By Karthik Mudaliar · Posted

      Microsoft brings Claude to its own Azure infrastructure, powered by Nvidia GB300 Blackwell by Karthik Mudaliar Anthropic's Claude models are now generally available in Microsoft Foundry on Azure and are running on Nvidia's GB300 Blackwell Ultra systems. Nvidia wrote in its announcement that the models are hosted on Microsoft Azure and accelerated by GB300 Blackwell Ultra GPUs, with Quantum-X800 InfiniBand networking used to support larger agentic systems and specialized sub-agents that can operate across business domains. This is great for customers and enterprises that want to build autonomous and domain-specific AI agents using Claude without moving outside Microsoft’s cloud platform. Microsoft currently offers Claude models in Foundry in two forms: “Hosted on Azure,” which runs end-to-end on Azure infrastructure and is generally available, and “Hosted on Anthropic infrastructure,” which remains in preview. This separation is quite important for organizations that have procurement, compliance, data processing, or internal governance requirements tied to Azure. Anthropic currently has 11 Claude models listed in Microsoft Foundry, including Opus 4.8, Sonnet 4.6, and even the unavailable Mythos and Fable models. Billing is handled through Claude Consumption Units (CCUs). Microsoft says CCU is an invoicing unit for Claude models in Foundry, with token usage converted using Anthropic’s published per-model token rates. The usage is billed through Azure Marketplace just like models from other distributors and appears on the customer's Azure invoice, while eligible spend can count against a Microsoft Azure Consumption Commitment. For starters, GB300 NVL72 is a rack-scale, fully liquid-cooled system that combines 72 Blackwell Ultra GPUs and 36 Grace CPUs. Nvidia has listed 37TB of fast memory, 130TB/s of NVLink bandwidth, and FP4 Tensor Core performance of up to 1,440 petaflops with sparsity. The deal is also part of a three-way partnership between Microsoft, Nvidia, and Anthropic. Under the deal, Anthropic has committed to buying $30 billion in Azure compute capacity and contracting additional capacity up to one gigawatt. Nvidia and Microsoft also said they would invest up to $10 billion and $5 billion in Anthropic, respectively.
    • WhatsApp is getting usernames, and you can reserve your preferred one now

      By Fiza Ali · Posted

      WhatsApp is getting usernames, and you can reserve your preferred one now by Fiza Ali Sharing your phone number isn't always something you want to do, especially with people you've just met. Whether it's someone from a class, a local community group, or a sports team chat, handing over your number can feel like giving away more personal information than necessary. That's exactly the problem WhatsApp is trying to solve with its upcoming usernames feature. The company has announced that users can now reserve a unique WhatsApp username ahead of the feature's wider rollout later this year. Once usernames become available, they'll let people connect without revealing their phone numbers. It's a change that makes a lot of sense for group chats. Right now, everyone in the group can see your phone number. With usernames enabled, that won't necessarily be the case when someone contacts you for the first time. WhatsApp says it's opening username reservations early because more than three billion people use the app, meaning plenty of people are likely to want the same usernames. Reserving one now gives users a better chance of securing the name they actually want before the feature launches more broadly. If your preferred username is already taken, WhatsApp will also offer a built-in username generator to suggest available alternatives. The feature isn't only aimed at individual users. Creators, businesses, and organisations will be able to claim the same username they already use on Instagram or Facebook, making it easier to keep a consistent identity across Meta's apps. Furthermore, privacy is a big part of how WhatsApp is introducing usernames. There won't be a public directory where people can browse or search for usernames. Instead, people will need to know your exact username before they can start a conversation with you. Additionally, users can also choose to enable a username key, which adds another layer of control by requiring people to enter that key before sending a message. Once the feature rolls out, people who choose to use a username will no longer have their phone number shown when messaging a person or business for the first time. If you want to reserve a username, make sure you're running the latest version of WhatsApp, then head to Settings > Account > Username. The tech giant says usernames will roll out gradually over the coming months, and users will receive an in-app notification when the feature becomes available in their country.
    • How do you future-proof a home or small office network?

      By sphbecker · Posted

      When I think about a network, there are really two aspects, the hardware and the wiring. So here is what I would do for both. Wiring: Use Cat6A for the patch panel, outlets, and all structured cables (cables installed in walls). Run plenty of Wireless Access Point (WAP) cables, as a general rule, assume a signal can only pass through 2-3 walls and can't pass through a floor (that is conservative, but trust me on this if you want strong WiFi)  Cat6 patch cables are fine for now if you don't plan to run 10gig, those are easy to replace later if needed. Run OS2 single-mode fiber to anywhere you think you may have a server or sub-switch. (yes, single-mode for everything on a small network, don't mess with multimode unless you are at a scale where that minor cost and power savings will matter). If you really want to future proof, also run fiber to any high density WAP locations, it is likely that WiFi 8 and beyond WAPs will push the limits of 10g. Run 6-12 pairs of single-mode fiber between your MDF and the building's MDF, even if you only need 1 or 2 pairs now, those extra pairs will pay off down the road. Hardware: (its easy to say "get all the features incase you need them", so instead of futureproofing, I am going to take approach of suggesting areas worth investing in, and areas you can save money). Don't overspend thinking you need every feature on every port. You don't need 10g on every port, you don't need PoE on every port. Don't overspend on redundancy either, unless you are ready to buy two of everything, don't waste money buying two of some things and not others. Dual power supplies are worthwhile, but probably not HA or multi-path redundancy.  Get 1 "distribution layer" switch that your router/firewall will connect to as well as all your access layer switches below. This should be a fully managed 10g+ switch with a combination of copper and SPF ports, a few 25g uplink ports are nice for this switch. Given that you said it is a small network, I suggest also using that distribution layer switch for servers and WAPs, meaning it will need PoE. Speaking of wireless, get good professional tri-band WAPs, and either turn on the band stirring options, or limit 2.4 to an IoT only SSID. This will provide a solid WiFi capable nearly everything but the highest of bandwidth clients...you could even consider skipping wiring workstations depending on usage. Access layer switch for workstations and printers can be cheaper switches, 2.5g is a good sweet spot between price and future proofing, but even 1g is fine for most individual clients (the kind that could probably be fine on WiFi). You can consider saving a little on access layer switches by only getting 1 PoE switch for whatever needs it (remember your WAPs are connecting to the distribution switch, not here), and non-PoE for your workstations, because desk phones are falling out of favor. You can also save money here by not buying managed switches if you don't need them--but really do some soul searching there, if you go this route, then anything that isn't on your workstation VLAN would either need to be connected to the distribution switch, or its own access layer switch. Also, don't feel like you need a fancy fabric stacking switches for your access layer, that is the point of the higher-end distribution layer, to remove the need for things like that at this level. Home Hardware: I'm realizing the above assumed an office setting, if this if for your house and home lab then the above still applies, but you'll probably want everything managed and PoE, just because, but you probably also don't need multiple access layer switches. If your total port count is below 24, just skip separating distribution layer and access layer and just get one nice switch with the features you want. If you are at the point of considering a 48-port switch, I would instead get a nice high-end distribution switch for things that need it, and cheaper access layer switches with specs based on the needs of connected devices. For home use, don't worry about home running every device to the main switch, there is nothing wrong with running sub-switches for your media areas and office, those essentially become your access layer, just look for sub-switches with a 10g uplink so sharing bandwidth isn't an issue. Just make sure you always connect them to your distribution/main switch, don't daisy chain, the path should never have more steps than Client>Access>Distribution>Firewall>Internet or Client>Access>Distribution>Server if it is local.
    • Google Meet brings Gemini note-taking to AI Pro and Ultra subscribers

      By Karthik Mudaliar · Posted

      Google Meet brings Gemini note-taking to AI Pro and Ultra subscribers by Karthik Mudaliar Google's Gemini-powered "Take notes for me" feature inside Google Meet is now available to Google AI Pro and Ultra subscribers. The features work on Google Meet for web as well as on mobile, and Google says that subscribers can use it for meetings they host in many supported languages. As the name suggests, "Take notes for me" allows Gemini to listen to a meeting, generate a summary, identify action items, and save the notes as a Google Doc in the user’s Drive. After the meeting, the organizer receives an email recap with the summary and action items, while the notes can also be attached to the related Calendar event depending on the meeting setup and sharing settings. The feature isn't automatically turned on for everyone, though. Google says that all meeting participants are notified when note-taking is turned on, and users can start it from the pencil icon in Meet or enable it for future calls through Meet’s meeting records settings. For work or school accounts, administrators can also control whether the feature is available and may require explicit participant consent for note-taking, recording, or transcription features. The feature first launched back in 2024, when it was available just for selected Workspace users. Over the years, Google added refinements and more options, including the ability to enable it when scheduling meetings via Google Calendar. Google's support docs say that the feature currently supports English, French, German, Italian, Japanese, Korean, Portuguese, and Spanish, but only one language at a time. Meetings with multiple spoken languages are not currently supported, and Google recommends using the tool for meetings between 15 minutes and eight hours. The new feature makes Google Meet closer to its rivals that have AI tools already built in. Microsoft Teams has recently started offering Copilot and intelligent recap features that summarize meetings, surface highlights, and help with follow-ups, while Zoom’s AI Companion can also generate meeting summaries from desktop and mobile meetings.
    • GnuCash 5.16

      By Copernic · Posted

      GnuCash 5.16 by Razvan Serea GnuCash is a personal and small business finance application, freely licensed under the GNU GPL and available for GNU/Linux, BSD, Solaris, Mac OS X and Microsoft Windows. It’s designed to be easy to use, yet powerful and flexible. GnuCash allows you to track your income and expenses, reconcile bank accounts, monitor stock portfolios and manage your small business finances. It is based on professional accounting principles to ensure balanced books and accurate reports. GnuCash can keep track of your personal finances in as much detail as you prefer. If you are just starting out, use GnuCash to keep track of your checkbook. You may then decide to track cash as well as credit card purchases to better determine where your money is being spent. When you start investing, you can use GnuCash to help monitor your portfolio. Buying a vehicle or a home? GnuCash will help you plan the investment and track loan payments. If your financial records span the globe, GnuCash provides all the multiple-currency support you need. Between 5.15 and 5.16, the following bugfixes were accomplished: Bug 421610 - RFE: Include logical dates for View->Filter by "date range"The Select Range section of the Date tab of the register's Filter By dialog box is changed to provide relative, specific date, or days ago options for the start and end of the filter range. The Show number of days item label is changed to Show from days ago to better reflect what it does. Bug 436105 - esc key not working as expected in register: Enable the escape key to cancel a field edit. Bug 797384 - Gnucash doesn't handle commodity prices with big numerator/denominator properly. Bug 798004 - Next gen UI for stock transactions Bug 799314 - Add "enter now" option in scheduled transaction editor. tab to allow users to select the scheduled transactions to be included in a “Since Last Run…” window. If there are no instances of a selected transaction triggered by today’s date, the next instance is triggered. Bug 799751 - autocomplete crash Bug 799759 - Users can't Enable entries via Checkboxes on Scheduled Transactions PageAllow the Enabled box in the list of scheduled transactions to be operated instead of having to open the transaction editor dialog and change the Enabled checkbox. Also added use of the Name column as the secondary column sort for all the other columns. Bug 799762 - Poor handling of cases where hidden/placeholder accounts are used in the account register Bug 799766 - Double line preference not respected in search register Bug 799767 - POST /accounts in bindings/python/example_scripts/rest-api is broken Bug 799777 - `xaccSplitSetParent`: reparenting a committed split silently drops its KVP slots (online_id, cap-gains links) Other changes & improvements: Numeric values may now be selected to copy in the Accounts page. Add new Finance::Quote source Finnhub.io: Free API key (personal/non-professional use) available at https://finnhub.io. Set FINNHUB_API_KEY environment variable to API key to use this source. As of June 2026, free tier API limit is 60 API calls/minute. The Investment Lots report has new optional columns for Computed Annual Growth Rate. Python Bindings: Improved translation of primary object (Account, Transaction, Split, etc.) so that they can be treated as normal Python objects. This is accomplished with SWIG magic so no existing code is obsoleted. Python Bindings: Better conversion of GLists to Python lists. Python Bindings: Destroy the QofSession in the Python Session dtor to prevent leaving the database locked. [engine] Add first-class online_id accessors for Split and Account and make them available to Python bindings, removing the unused Transaction online_id property. Improve C++ implementation of QofBook. Correct the Doxygen doc for qof_instance_get/set_kvp. [gnc-log-replay.cpp] fix incorrect guid dump Add some Boost library requirements needed by libgnucash-guile to CMakeLists.txt so that missing feature will fail at configure time. Use Compile-time Regular Expressions instead of std::regex in gnc-filepath-utils.cpp and instead of boost::regex in the CSV importer, with the CTRE v3.11.1 header added to borrowed [gnc-filepath-utils.cpp] null check char* arguments Add ChartJS licenses. Removed AEX from list of commodities. euronext.com is now using JS based anti-webscraping. [report-core] always offer options summary in reports. This is useful to debug reports. The Add options summary option is removed because it's no longer optional. Remove remaining obsolete IMContext from sheet Fix blurry text in HiDPI offscreen-rendered widgets Add port field to database connection dialog: The convention of appending the port number after the host isn't obvious. When editing a split in the register treat the account as being changed only if it isn't the one selected before editing instead of if the user performed an edit Return immediately from qof_book_destroy if hash_of_collections is null. If qof_book_destroy is called on a QofBook* freshly created with qof_book_new (usually because it was used to create a session that now must be destroyed) it would try to empty the non-existent hash tables, crashing. Clean up Flathub metadata to solve warnings at flatpak build time. Be consistent in naming GncPluginPage and GncPluginPageRegister HTML: Remove unimplemented function declarations. [gnc-html.cpp] remove unused buggy string conversion functions Convert libgnc-html to C++ Apply -Wall -Werr -Wmissing-prototypes to C++ compilation on Windows and fix the resulting errors. New and Updated Translations: Arabic, Croatian, Danish, Dutch, German, Finnish, Hungarian, Korean, Norwegian-Bokmal, Spanish Download: GnuCash 5.16 | 176.0 MB (Open Source) Links: GnuCash Home page | Other Operating Systems | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware

  • Recent Achievements

    • Reacting Well
      NovaEdgeX earned a badge
      Reacting Well
    • Week One Done
      NovaEdgeX earned a badge
      Week One Done
    • One Year In
      BA the Curmudgeon earned a badge
      One Year In
    • Conversation Starter
      rosiecharles earned a badge
      Conversation Starter
    • First Post
      KMilenkoski1202 earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      536
    2. 2
      +Edouard
      269
    3. 3
      PsYcHoKiLLa
      150
    4. 4
      Steven P.
      98
    5. 5
      macoman
      66
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!