Schneier on Security
A blog covering security and security technology.
« Decline in Cursive Writing Leads to Increase in Forgery Risk? |
| "Operation Pumpkin" »
May 4, 2011
Unintended Security Consequences of the New Pyrex Recipe
This is interesting:
When World Kitchen took over the Pyrex brand, it started making more products out of prestressed soda-lime glass instead of borosilicate. With pre-stressed, or tempered, glass, the surface is under compression from forces inside the glass. It is stronger than borosilicate glass, but when it's heated, it still expands as much as ordinary glass does. It doesn't shatter immediately, because the expansion first acts only to release some of the built-in stress. But only up to a point.
One unfortunate use of Pyrex is cooking crack cocaine, which involves a container of water undergoing a rapid temperature change when the drug is converted from powder form. That process creates more stress than soda-lime glass can withstand, so an entire underground industry was forced to switch from measuring cups purchased at Walmart to test tubes and beakers stolen from labs.
Posted on May 4, 2011 at 6:40 AM
• 43 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
So the story here is that you need to know your customer base very well before changing your product to be (what you think is) 'better'.
Would be interesting if they change the receipe back, following a decrease in sales :-(
Interesting -- the article suggests a change from borosilicate to soda lime glass in 1998 but Pyrex claims the change occurred in the 1940s:
"Did World Kitchen change the way Pyrex is made?
World Kitchen did not change the product composition of Pyrex glass bakeware. For more than 60 years, Pyrex glass bakeware has been made – first by Corning Incorporated and now by World Kitchen – using the same soda lime composition and heat-strengthening process at the same soda lime plant in Charleroi, Pennsylvania. Corning Incorporated began making Pyrex glass bakeware from borosilicate glass in 1915 and in the 1940s began making Pyrex glass bakeware from soda lime"
Marketing professional with alternative or street use experience with glass cooking products.
Drug testing mandatory.
Is that testing the quality of the street product or testing of the individual?
Perhaps the "crack cookers" should switch to using Durex to boil up their stuff.
However they should make sure they get their tubes from, the right supplier (as in the UK Durex is a trade maek of the London Rubber company that makes various forms of party balloons etc ;)
The right company can be found at,
The article states that World Kitchen started making more products out of prestressed soda-lime glass, not that they changed the Pyrex recipe.
Bruce - love the blog, but shouldn't be be at the point where drugs are not treated as a security matter but a health matter? All the best science says it should be.
Ao at May 4, 2011 8:28 AM,
I think he's referring to this security consequence: "...switch from measuring cups purchased at Walmart to test tubes and beakers stolen from labs."
@AO I think he means that there are more breakins at laboratories to steal test tubes and the like, because they can no longer get a tool at walmart for a couple of bucks.
Dear crack dealers, please buy borosilicate labware from a web shop such as United Nuclear. Buying chemistry sets is quite common and won't attract police attention, but breaking in to a laboratory (which may have all manner of stuff that is controlled) will.
Bruce, the link in your post seems broken.
An ignorant question, as I know nothing of crack: Why don't they just use metal apparatus?
Or buy old Pyrex stuff on Ebay.
Tempered glass is amazing stuff. I was unloading a big double-pane tempered glass window from a truck when the guy helping me bumped the edge of the window against the truck. It exploded. One second you're holding a heavy window, the next second your hands are completely empty and you're standing in a cloud of tiny shards of glass.
I'll never forget the day I accidently put my hand through a plate glass window at my voc school. I had thought the glass was tempered, but was shocked to see a 10 foot tall razor sharp shard of glass hanging from the top of the frame right about my wrist.
I think that was the last piece of glass larger than a pilsner I ever broke.
@Sam - I was going to say, doesn't it seem more likely they'd switch to stainless steel cookware? It's cheap and just as easily available as pyrex...
From my knowledge of cooking (food, not illicit pharmaceuticals) I know that cakes bake at different temperatures in metal than in Pyrex bakeware.
I suspect similar for stove-top cooking, though it is harder to measure such temperatures precisely. (That is, thin stainless steel pans behave differently than thicker steel pans, which behave differently than thicker cast iron pans.) It's been awhile since I've seen stove-top use of Pyrex-based cookware.
I'd assume that certain methods are easier in Pyrex than in stainless-steel, due to the rate that heat energy propagates through metal.
I'm glad I'm not the only one on these forums who is more concerned with pyrex no longer being borosilicate than I am with the security implications!
soda-lime = New Coke?
I would assume the best source for original-formula Pyrex would be:
* yard/garage/estate sales
* thrift stores
As I understand the process, making crack cocaine from powder cocaine is fairly simple. While more complex uses, like cooking meth, might require more sophisticated equipment, I highly doubt that cocaine suppliers in particular would be greatly affected by any change in Pyrex. Worst case scenario, they go to the store and buy a saucepan.
The Pyrex change was covered in the January 2011 Consumer Reports. Part of the problem in nailing down when the change occurred is that Pyrex made both soda lime and borosilicate versions (probably depending on what the end product was used for) for a few decades, before the current owners of Pyrex phased out borosilicate completely, sometime in the 1980s.
As you might expect, there are safety issues involved. Exploding cookware is starting to get some notice.
I've been wondering for a while why some of our older pyrex has a dull gray brown color at the edges, and the newer stuff has this green glow at the edges. Now it all makes sense. I guess I should beware of rapidly heating and cooling the green stuff.
Isnt being temperature INsensitive the ENTIRE POINT of buying Pyrex (it was for me up until a couple of minutes ago).
This is old news but a nice story. I always wondered how many were injured by the first round of exploding Pyrex. The claim that they must switch to stealing is nonsense: lab glass can be purchased discretely online and in many brick-and-mortar stores aimed at science. Hell, those stores even sell boxes of chemicals for kids, some of which are deadly. I'm sure the lab equipment would pay itself off in the first month with such a profitable product.
For those who are saying "metal" cookware it won't work because you cann't put it in a microwave.
I will let others post the recipe for "crack" but suffice it to say the name supposadly comes from the noise it makes as part of the process.
"lab glass can be purchased discretely online and in many brick-and-mortar stores aimed at science"
That's what sane people would do. There is however no telling with those involved with production or usage of a drug named after a part of our *ss.
It wouldn't surprise me if this effect was deliberate and/or that Pyrex was changed for that purpose. The government doesn't care how many people they kill in the name of protecting us from ourselves.
Metal cookware? Uh, I don't know much about drug chemistry, but generally acids + heat + pressure + steel = a corrosion problem. Even with stainless steel. Glassware is so popular in lab environments because nothing (short of nasty, nasty hydrofluoric acid) will eat through it...
Perhaps they reported the wrong drug?
@Nick P, @Dirk Praet
But can lab glass be obtained "cash and carry" with no need to supply a name or address?
The average criminal may be stupid, but even they know that it isn't a good idea to leave a paper trail.
I do not know why this is a security consequence. World kitchen did not want to spend the money on new emission controls so that they could continue using borosilicate, they choose to use soda-lime glass instead.
World kitchen is making a less durable product which presents danger to people cooking food as well as crack. Yeah, you can't make drugs anymore, but you can't bake a lasagna either.
I had the Pyrex branded lid of a new crock pot explode after cooking a pork roast for several hours at a time when the temperature should have been pretty much a constant state (no one was in the kitchen at the time). Glass was all over the counter and floor.
My blog readers tell me that in Texas it is illegal to purchase or possess certain types of laboratory glassware, e.g. Erlenmeyer flasks, without a government permit. My beef with Pyrex is that the measuring cups are getting squatter. This is probably to use less material to produce a vessel of the same volume, but it decreases the accuracy of the measurement, because the same depth of difference represents more sugar.
@ Bruce Clement
"But can lab glass be obtained "cash and carry" with no need to supply a name or address?"
What? An order form online that takes an arbitrary name, an address to drop something on, and a store-purchased MC/VISA gift card? I wouldn't call it much of a paper trail considering a crook can pay some broke college kid to do most or all of that for him.
Just payin someone else to be a middleman is the easiest solution, as the evidence goes from paper trail to "some young thug is telling them he got it for me." Cannon fodder for a decent defense attorney.
@Clive - is there anything you don't know? Your breadth of knowledge never ceases to amaze me!
Although, is there any truth in the rumour that you're actually a conduit straight to Wolfram Alpha?
Clive is just a text interface to Watson. :-)
"Although, is there any truth in the rumour that you're actually a conduit straight to Wolfram Alpha?"
Only his body is human. His brain's composition is proof of extraterrestrial intelligence: they're the only ones who could've built it. His purpose is to advance our civilisation while preventing the implementation of extremely bad ideas that could lead to our demise. He is succeeding on the first goal.
I do not understand why the fireproof lab glassware has to be stolen. Here, you can just buy it.
@ Dave, Richard Steven Hack, Nick P,
Thank you for your thoughts, they have made my ears turn a subtal shade of scarlet 8)
However the truth is somewhat less, I'm just very well read in some (eclectic) areas. I had a mind that could absorbe a couple of books a day (leisure reading) around 400 pages of A4 data sheets and papers a week and a couple of proffessional level books and be able to remember which page and paragraph a particular nugget of info was on virtualy instantly.
However somebody karate kicked my head into a metal pole one morning on the way to work and I've lost much of my cognative ability and I can nolonger speed read 8(
@Clive - someone should write your biography before some other brain-dead moron decides you're an easy target. I'm sure it would be a great read.
Sadly my life does not have enough of those "hooks" that sell a biography to the masses,
I used to know some one that wrote short biographies for various magazines as a hobby. They wrote mainly about military related acts of bravery in people and animals. But as it was a nich market they had started to branch out.
I once asked them whilst out walking what made a person or animal suitable for a biography. Their answer was lengthy but apparently outside of a niche interest group, for generalised reading and if you are still alive you need a life style that appeals to the readers baser instincts or to have been (in)famous in some way.
However you become of more interest to biographers if you are sufficiently (in)famous and (preferably long) dead. The reason is that convieniently neither you nor your friends and relatives can correct the biographers assertions based on at best very incomplete information.
Thus they can put spin on it and make you out to be a sinner, saint or martyr at their chosing irrespective of the truth of the matter. Then others come along and run with this in their biography and it turns out like a game of chinese whispers.
I've actually seen this happen, in the 19080's the early public information technology systems in the UK where BT's Prestel and Gold systems and a hacking culture based around the use of the Acorn home computers and one specific version the BBC Model B.
Various events occured some of which I was involved with however if you read about them from modern refrences you will get a totaly false impression of what actualy happened. One such incident came from BT Prestel's need to have "bulk update" software writen for various "home micros". Rather than pay developers they decided to make resources available to "all comers". They did this by setting up a Prestel system that was only available as a test resource.
On this test resource one of the things BT did was to make the prestel system admin account details openly available (ie via the login page). Worse the Prestel system stored passwords in plain text even though it was fairly well known back then this was a bad idea security wise. Apparently the reason was to make peoples lives easier for "customer support". What made the whole thing a disaster was rather than build a "fake system" the BT bods just copied across an entire live system. Thus making available the passwords for most user accounts.
Now... this little problem was discovered by someone who shall remain nameless and they showed a group of others at the GLC building in London, it was decided to show this to BT via some of their representatives. However one of them was Robert Schifren who was a journalist for Acorn User and a friend Steven Gold they showed this initialy to the secretary of Prestel's Micronet 800's Dave Babski, the result after significant escalation was both Robert and Steven getting taken to court on fraud charges.
Now shortly before this BT Gold's system got a black eye on live television. The BBC had a program to support the use of the BBC home computer, and they decided to have a "live special" and they invited the Owner of Acorn computers to demonstrate the use of BT Gold live.
Well Acorn's owner had a very well known account name and his password was trivialy guessable. To quite young turks in the community broke into the account shortly before the program and put a text file in the account of "the hackers song" and added a command tto the login script so it would be displayed on login.
Well on the BBC Micro Live program infront of the cameras Acorn's owner loged in and the text file was displayed, much to everyone's surprise and the general press lept on it. BT then made a number of PR mistakes and made some false statments, that I showed to be false to some of the people who were responsable for the Association of Computer Clubs. These people were responsible for managing the access to some areas of Prestels Micronet 800 areas. Unlike Robert and Steve when asked to 'demonstrate' this a sixth sense made me think "what's in it for me" to which the answer was nothing so I declined and possibly avoided the trap that Robert and Steven later walked into.
Now these where two seperate incidents on two sperate and compleatly unrelated BT systems, yet if you read the way it is reported today in quite a few places both incidents have been spun together and little of the original basic truth remains.
And incidentaly those who have done the spinning sometimes don't want to hear the truth of it. I found this out when a senior person at Kingston University wrote a book with his spun version of the story in it. I was studying at Kingston at the time and let one of my course tutors know the story and importantly how I knew. The tutor passed it on and the response that came back was that the books author considered that he was right and that I as a student should not question what he had written...
So the object lesson is plain honest but boring truth always loses to spun up glamour and excitement when it comes to books etc.
I only bought pyrex for it's temperature insensitivity. I prefer to heat coffee water in the microwave and I have always thought it safe to then immediately refill the pyrex with cold water to heat more water. What a ghastly and vicious con game to pull on one's customers!
@Clive: it actually crossed my mind to draw together all your 'significant' comments over the years both here and in other blogs where I've seen your work into some kind of "thoughts of Chairman Clive!"
It would be a best-seller amongst all the geeks and nerds of the world.
(all three of us!)
My knowledge of drug manufacturing comes from the show Breaking Bad, but isn't at least part of the reason glass is used (in addition to its non-corrosive qualities as others already pointed out) is so that you can see what you're heating in it? With glass, you can trivially tell when it's boiling or when a solution has gone from cloudy to clear, or the color has changed, etc.
@ Clive ... and Nick, etc.
I am a commoner nobody who likes to read this blog precisely because of the stories, anecdotes, mini-history lessons, etc., that you guys post about (mostly) security-related stuff. It is often interesting. And you guys bring out vectors of thought that would never have occurred to me, not having the background / experience that most of you seem to have ...
I have no idea if you guys know what you are talking about ... you seem to, and you certainly have me snowed if, indeed, you do not.
So all you guys ... including our esteemed host ... might be more interesting to fellow geeks/nerds than you might think (g).
As I said above to the others,
"Thank you for your thoughts, they have made my ears turn a subtal shade of scarlet 8)"
And no doubt when they catch your comment they to will have an 'ear burning fealing' or the equivalent moment 8)
As for Bruce, he has (if his photo is to be believed) a beard and pony tail so I guess he lives the Professorial Rock and Roll Jetset life style ;) Mind you it is said he has a dark side, by night he flits from restaurant to restaurant reviewing their comestables. So how he keeps his figure to be a Chuck Norris body double I realy don't know 8)
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.