In the spec?
OK, since everybody and their dog is saying this vulnerability is inherent in the 1394 spec, would someone please point me to the part that requires all of a computer's physical memory to be accessible via FireWire?
Yes, 1394 specifies a "memory-like" model for (non-isochronous) transactions between nodes, but I don't recall anything that requires any particular mapping between this abstraction and the machine's RAM. This looks to me more like an implementation defect (though perhaps a widespread one).
I could be wrong though, and if so, I'm perfectly ready to be set straight.