As Matthew Green says, RC4 is old and crummy. Its advantages are that it is pretty fast, requires less hardware and, unlike CBC mode, does not require padding. On the other hand, about 50 percent of SSL traffic uses RC4 because it was recommended as a replacement for CBC due to the BEAST and Lucky Thirteen attacks.
The multisession attack can only be carried out by a determined attacker who can generate sufficient sessions for the attack. "Sufficient" here means more than 16 million sessions, from which they can recover a limited amount of plaintext. As such, the attacks do not pose a significant danger to ordinary users of TLS in their current form. However, please remember the cryptographer’s adage: attacks always get better, they never get worse. In other words, fix it today, so you don’t have to fix it in the future.
The idea is that the bytes coming out of RC4 aren't quite random-looking. They have small biases. By getting many different encryptions of the same message using different keys, the attacker can use the small deviations to figure out what was encrypted.
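To make the bias concrete, here is an added example (not from the research team or the original post) that measures one long-known RC4 bias: over many random keys, the second keystream byte is zero about twice as often as a uniform source would produce. The function names, the key count and the seeded key generator are assumptions chosen for illustration.

```python
"""Measure the RC4 keystream bias at one output position over many random keys."""
import random
from collections import Counter


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n keystream bytes of textbook RC4 for `key`."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # output generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def position_histogram(position: int, num_keys: int, seed: int = 1) -> Counter:
    """Histogram of keystream byte `position` (1-based) over random 128-bit keys.

    Keys come from a seeded PRNG (constructed sample data) so runs are repeatable.
    """
    rng = random.Random(seed)
    hist = Counter()
    for _ in range(num_keys):
        key = rng.getrandbits(128).to_bytes(16, "big")
        hist[rc4_keystream(key, position)[position - 1]] += 1
    return hist


def bias_report(position: int, num_keys: int, seed: int = 1):
    """Return (most common byte value, its frequency relative to uniform 1/256)."""
    hist = position_histogram(position, num_keys, seed)
    value, count = hist.most_common(1)[0]
    return value, count * 256 / num_keys


if __name__ == "__main__":
    value, ratio = bias_report(position=2, num_keys=30000)
    print(f"byte 2: value 0x{value:02x} appears {ratio:.2f}x as often as uniform")
```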
The research team states there are several possible countermeasures against their attacks:
The bottom line is the industry needs to move to TLS 1.2 and use AEAD ciphersuites.
For website operators and browser users, the usual support advice applies: use the latest version of your software and apply patches as they become available.
I love the team’s answer to the question, “Why doesn't the attack have a cool name?”
Their response: “In Western culture, naming one's attacks after obscure Neil Young albums is now considered passé.” And I thought Zuma, Re-ac-tor or Fork in the Road would have been great attack names. For now it’s just called the AlFardan-Bernstein-Paterson-Poettering-Schuldt (AlFBPPS) attack.
Updated April 4, 2013: Opera is making changes to address the problems with RC4. Hopefully the other browsers will follow suit.