{"id":"28fc102e-a38e-51b2-a48b-530b0d0e49a9","kind":"official","name":"Race conditions, transactions and free parking","slug":"race-conditions-transactions-and-free-parking","url":"https://api.events.ccc.de/congress/2025/event/28fc102e-a38e-51b2-a48b-530b0d0e49a9/?format=json","track":"security","assembly":"ccc","room":"62251a07-13e4-5a72-bb3c-8528416ee0f2","location":null,"language":"en","description":"After the [Air France-KLM dataleak](https://media.ccc.de/v/37c3-lightningtalks-58027-air-france-klm-6-char-short-code) I kept repeating this was not a real hack, and confessed I always wanted to hack a system based on triggering race conditions because the lack of proper transactions.\r\nThis was way easier than expected. In this talk I will show how just adding `$ seq 0 9 | xargs -I@ -P10 ..` can break some systems, and how to write safe database transactions that prevent abuse.\r\n\r\nIn this talk I will explain what race conditions are. Many examples of how and why code will fail. How to properly create a database transaction. The result of abusing this in real life (e.g. free parking).","schedule_start":"2025-12-29T21:05:00+01:00","schedule_duration":"00:40:00","schedule_end":"2025-12-29T21:45:00+01:00"}