FaceNiff takes Firesheep mobile, hacks Facebook and Twitter accounts in seconds

This may be impossible to prevent (for non-https users) but can't it at least be detected, i.e. in a coffee house setting, since the probability of two devices requesting the same user's FB page under normal circumstances is almost nil. Then you can let all requesters know and block any further traffic.<p>IDEABOLT: How about a startup selling self-contained routers to e.g. Panera, Starbucks, or B&#38;N that can add this extra security. Then they can advertise this as an extra differentiating feature.

Can someone knowledgeable elaborate on how this works? I'm not well versed in wi-fi MITM techniques.. Does it inject packets, pretending to be from Facebook's servers or is there some other trick to it?

Do the Facebook/Twitter mobile apps connect to their servers via SSL? Is this only a problem if you use the web version via your mobile phone?