Shimomura comes off as a completely annoying egomaniac who downplays the contributions of others and inflates his own achievements. Why he's considered an "elite security expert" when he was hacked by old, known techniques, and boasts that he doesn't use a firewall, is beyond me. However, Shimomura did the world a favor in helping catch and stop Kevin Mitnick. In Jonathan Littman's fascinating book The Fugitive Game, Mitnick's best friend Lewis De Payne is quoted as calling Mitnick "a sociopath." If the choice is between rooting for a bratty diva or rooting for a sociopath, I'll pull for the bratty diva. The self-obsessed Shimomura allows co-author Markoff to treat us to WAY more personal details than we want to know about him, but the second half of the book delivers a few useful insights into backtracing hackers. This is a slog of a read, recommended only if you are a security professional or hackers are your favorite topic. To make it more fun, try reading it side by side with the superior yet conflicting account in Littman's The Fugitive Game -- and decide for yourself who you believe.

It's a breezy read, which is pretty amazing, given the number of obscure details that Shimomura feels compelled to share, such as his lunch menu. Still, when you team up an experienced author with a brilliant subject matter expert, it shouldn't be a surprise that the result is something which demands attention.

The definitive story of Kevin Mitnick has still not been told--this is an interesting story, but it is hardly conclusive. Furthermore, given the author's attitude--he's got an ego a mile wide--it's difficult to accept everything in this book at face value. Certainly, Shimomura and Markoff had every incentive during their journey to work towards creating an exciting story. A critical reader must consider the possibility that they manipulated events in order to increase sales of their expected book. It is certainly possible that this did not happen, but how can you know?

A greater understanding of what Mitnick represents is important in developing an ability to think in useful information security ways. He's become such a cultural icon--a criminal genious in the eyes of one side, and a victimized innocent on the other. Neither of these simplistic views is accurate. I believe that Mitnick probably is a genius, but not in technical terms. He's truly one America's great con-men, and his story teaches us a great deal about how gullible normal people can be, and how easy it is for a smooth-talker with selfish motivations to manipulate normal people. There are a lot of lessons to be learned from a study of Mitnick, although the writers of this text provide minimal assistance in helping the reader draw useful conclusions about the story. They are much more concerned with showing how incredibly clever Shimomura is, purportedly tracking Mitnick from ISP to ISP across the Internet, and eventually right to his doorstep with a junior G-man RDF unit.

A Mitnick story that I believe is much more balanced is Jonathan Littman's book, "The Fugitive Game : Online With Kevin Mitnick," which is unfortunately out of print. While Littman's personal relationship with Mitnick--Mitnick apparently just likes him--also should be a datapoint in your evaluation of what actually happened, I think he takes care to make any potential bias clear, and to avoid it.

Littman raises some interesting questions about Shimomura. I summarize my feelings about the purported Mitnick attack on Shimomura like this: 1) Shimomura makes it widely known that he has software on his Internet server that is of interest to hackers. 2) He leaves an incredibly obvious security hole open on his Unix server that any Unix newbie would have known to plug. 3) He sends the syslog (system logging) data to another host, which just so happens to be REALLY TIGHT. If he's capable of capturing syslog records in such a secure and non-compromisable way, why did he leave r-services running on the server with the source code? We will probably never know if he actually created a honeypot with the intention of entrapping Mitnick and writing a book about it, but what he did was fully consistent with such a plan. Fascinating, huh? I guess you'll need to read the book to make up your own mind, but if that is what really happened, how do you feel about subsidizing it through reading the book?

We'll also never know if Mitnick was really the one who hacked into Shimomura's Sun box using a technique that was previously considered theoretical. Somebody did, and Mitnick certainly was aware of it, but I personally don't believe that Mitnick is technically capable of writing such hack code himself, and I'm not sure that he was the one to perform the exploit. The best description I know of this exploit is found in Stephen Northcutt's book, "Network Intrusion Detection."

So it is an important story that can help you develop a better understanding of Internet security, and both security experts and non-specialists could benefit from having a realistic view of the significance of Mitnick. For the time being, this is the most detailed book available, and as an autobiographical account of one the participants in Mitnick's takedown, the book will always have a certain historical significance. But be an especially critical reader with this one. Think through the motivations of the authors, and consider the possibility that Mitnick is a genius at social engineering, but only an average technician. If that's the case, then what really did happen? Read Shimomura's account, and make up your own mind.

I hastened to buy this book when it first appeared, but did not read it till later. At first I was put off by what I saw as extraneous details put in to pad the book out, or as plain bragging. By halfway through I was mellowing, and having finished the book I see it as an artistic whole that was enjoyable on two different levels.

Shimomura is clearly a high-flyer, outstanding from an early age, who could more or less pick his own assignments. Like Cliff Stoll, author of the broadly similar book "The Cuckoo's Egg", he got into computer security more or less as a sideline. The book tells how Kevin Mitnick, a notorious phone phreak and cracker, deliberately broke into Shimomura's computers and stole his files. That set the stage for a classic showdown, although Shimomura did get a lot of help along the way.

Until the final stages, remarkably little of that help came from the authorities, partly because the FBI and other agencies seem to have lacked technical expertise. Indeed the book is interesting as a study of how a loose-knit society like the IT establishment reacts to serious threats. If Shimomura's account is believed, not very much would have been accomplished without him.

About half the book is given over to "background" details - the author's social life, recreational pursuits (mostly skiing), thumbnail sketches of many computer and California personalities, even exact menus of what he ate and drank. He also explains lots of technical topics in a way that anyone can understand - from patching the Unix kernel to how telephone switches work.

It has been suggested that Shimomura staged the whole thing deliberately so that he could make money from this book. Despite his obviously healthy ego, that seems really far-fetched. There are many ways Shimomura could use his time profitably, and frankly writing books is not all that effective a way of becoming rich.

I can recommend this book warmly to anyone interested in computer security, or even in how the industry ticks. It also works, in a way, as a kind of detective story in a new key. I hope this is not Shimomura's last book.