I was browsing over this question and had some follow-up questions from a practical perspective.
What tools will show the SSID of an AP with the SSID set to hidden or broadcasting disabled? I have looked at Kismet and similar tools but they don't seem to show the name of the hidden SSID. Do you have to use a packet inspector such as Wireshark to see this? If a packet inspector will show it, why wouldn't tools such as Kismet show it?
As for MAC filtering, it is trivial to see a list of clients connected to an AP. My understanding is the problem lies with booting the other client off the network so that there is no conflict? In which case, how could you do this if you are not on the network? Or would you join the network and have there be a conflict briefly while you removed the other client?
Perhaps it is as simple as disassociating the user and joining first, or some other sort of DoS attack?