GET /congress/2025/event/28fc102e-a38e-51b2-a48b-530b0d0e49a9/?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": "28fc102e-a38e-51b2-a48b-530b0d0e49a9",
"kind": "official",
"name": "Race conditions, transactions and free parking",
"slug": "race-conditions-transactions-and-free-parking",
"url": "https://api.events.ccc.de/congress/2025/event/28fc102e-a38e-51b2-a48b-530b0d0e49a9/?format=api",
"track": "security",
"assembly": "ccc",
"room": "62251a07-13e4-5a72-bb3c-8528416ee0f2",
"location": null,
"language": "en",
"description": "After the [Air France-KLM dataleak](https://media.ccc.de/v/37c3-lightningtalks-58027-air-france-klm-6-char-short-code) I kept repeating this was not a real hack, and confessed I always wanted to hack a system based on triggering race conditions because the lack of proper transactions.\r\nThis was way easier than expected. In this talk I will show how just adding `$ seq 0 9 | xargs -I@ -P10 ..` can break some systems, and how to write safe database transactions that prevent abuse.\r\n\r\nIn this talk I will explain what race conditions are. Many examples of how and why code will fail. How to properly create a database transaction. The result of abusing this in real life (e.g. free parking).",
"schedule_start": "2025-12-29T21:05:00+01:00",
"schedule_duration": "00:40:00",
"schedule_end": "2025-12-29T21:45:00+01:00"
}